For banking sites, and other sites with secure transaction flows, it is standard practice to have the user’s web session timeout if they have been idle for some time. What is not standard is to apply this same type of logic to a user who has not even signed into the site.

After going to StarOne.org, and navigating away from the browser, I returned in about an hour. What I saw was surprising – the site had timed out even though I had never signed in. This is annoying and unnecessary.