Forced refresh on secure sites

[funeralcrasher]

Is there a best practice with auto-refresh times on secure sites? (So sensitive info isn't left on a screen for hours, for others to look at).

Comments

[bedivere.livejournal.com]

My experience has been that every organization sets its own standard with regard to things like that. I've done work for banks and government agencies which deal with sensitive info on public-facing websites and most of them the policy has been 30 minutes and in some cases less.