There was a long thread about a recent problem (now fixed) with session timeouts:
Engineering fixed a problem where sessions were getting timed out after only eight hours. It's now been fixed so sessions expire after two weeks if the "Remember me" box is checked. There was some discussion about whether this is still too short (30 days is more typical). I happen to agree, but there's a larger issue I'd like to bring to the attention of Engineering:
Being creatures of habit, people are often doing the same thing at around the same time each day. By having the session time out EXACTLY on the 14-day anniversary of the previous log in, you are increasing the chances that the session will expire while the user is browsing, or, even worse, posting. Both of these have happened to me more than once. It would make more sense to add a few hours to the expiration to reduce the chances of this happening. Even better, if you add 12 hours to the expiration then the session will probably timeout when the user is unlikely to be on CH. I'm sure this could be tweaked by looking at actual user data, but 12 hours is probably a good approximation.
What do you think?