Deconstructing the Poor Design of a Well-Intentioned Microinteraction
The American Airlines customer stared at the message on the screen: “Your session expired.” It wasn’t there before, but now it’s there. And she didn’t know what to do about it.
A few moments earlier, after she thought she’d bought her plane tickets, she opened up another tab to book her hotel rooms for the trip. Then she rented a car. She came back to the American Airlines tab to get her confirmation number, to put that on her calendar.
Instead of the number, she found the expiration message. “Any confirmed transactions are saved, but you’ll need to restart any searches or unfinished transactions.” Was the transaction finished? She was pretty sure she’d bought tickets, but were these confirmed? She didn’t know what she was supposed to do next.
A Canonical Security Design Pattern
The designers at American Airlines have lots of reasons to want a session to time out. A customer who isn’t sure about a flight (or who is shopping around at competitors) might leave a half-booked flight open, never intending to finish it. American’s designers want to return the flights to the open inventory, so another customer can book those seats.
Similarly, if someone else sits down at the machine after the customer is done, but…