Whenever you enter your username and password, the app or site opens a “session,” quickly compiling relevant data to your account and connecting you to the servers and tools you need. That creates a security risk: If your session is still open and another person on the same computer goes to the same site, he or she could have access to all your stuff. As a result, most developers set an end date for your session, automatically closing your connection to the site or app after a specified amount of time. This security risk is also why you have to confirm your identity when changing account settings or shipping purchases to new addresses.
To illustrate, let’s look at our own wsj.com. Years ago, the developers building The Wall Street Journal’s website decided that sessions should expire after 15 days, said Ramin Beheshti, chief product and technology officer at the Journal’s publisher, Dow Jones. That meant twice a month, you’d re-enter your password, so the Journal could make sure it was you and not some account thief sitting at your computer.
Join the conversation as a VIP Member