Missing Session Timeout on community.liveperson.com for logged in users

Karthick

Description: The site community.liveperson.com does not implement a session timeout for user sessions. This can lead to potential security risks and a suboptimal user experience due to indefinitely active sessions.

Steps to Reproduce:

1. Log in to community.liveperson.com.
2. Remain inactive for an extended period. Example: my logged in session was active for more than a week on the browser..
3. Observe that the session does not timeout and the user remains logged in.

Expected Behavior: The site should implement a session timeout to automatically log users out after a period of inactivity, enhancing security and user session management.

Actual Behavior: Users remain logged in indefinitely without a session timeout, potentially compromising security.

Recommended Session Timeout Duration:

• High Security: 15-30 minutes of inactivity
• General Use: 1-2 hours of inactivity
• Low Activity: 4-8 hours of inactivity
  

Sue

Thank you. We will take this up with the vendor.