The session timeout is controlled by the www_a_session_time_out or the Meta-tags "REFRESH" value -- if it is present and has a lower value.
There are two considerations:
One is the freeing up of the resources associated with a session and a second is the privacy issue associated with public terminals.
1) Since the ALEPH Web OPAC is "stateless" there aren't many resources associated with a session. The z05/z110 result-sets persist regardless of any timeout which may occur. For license purposes, web sessions are considered active for 2 minutes even if the session has timed out. (And having a timeout longer than 2 minutes will not result in the session continuing to be counted as active for license purposes: the system will stop counting it after 2 minutes if the user has not hit Enter, even if it has not timed out.)
2) Thus, the main session time-out issue is the public-terminal privacy issue. Within this, there are 2 sub-cases:
(a) the case where the user is not signed on; and
(b) the case where the user *is* signed on.
2.a. If a non-signed-on user walks away from a public terminal, you, ideally, would not leave the search indefinitely for the next user to view. On the other hand, you don't want to kick a user back to the initial screen who is legitimately just sitting and thinking about a particular screen. We have been distributing the setenv www_a_session_time_out as 600 seconds (10 minutes). Customers implementing the OPAC have found a REFRESH value of "200" (3 minutes) to be too short.
2.b. The case of a user who *has* signed on and has failed to log off has bigger implications: the succeeding user could get the logged-on user's phone#, address, the books he/she has signed out, and change the user's pincode.