Member-only story
Deconstructing the Poor Design of a Well-Intentioned Microinteraction
The American Airlines customer stared at the message on the screen: Your session expired. It wasn’t there before, but now it’s there. And she didn’t know what to do about it.
A few moments earlier, after she thought she’d bought her plane tickets, she opened up another tab to book her hotel rooms for the trip. Then she rented a car. She came back to the American Airlines tab to get her confirmation number, to put that on her calendar.
Instead of the number, she found the expiration message. Any confirmed transactions are saved, but you’ll need to restart any searches or unfinished transactions. Was the transaction finished? She was pretty sure she’d bought tickets, but were these confirmed? She didn’t know what she was supposed to do next.
A Canonical Security Design Pattern
The designers at American Airlines have lots of reasons to want a session to time out. A customer who isn’t sure about a flight (or shopping around at competitors), might leave a half booked flight open, never intending to finish it. American’s designers want to return the flights to the open inventory, so another customer could book those seats.
Similarly, if someone else sits down at the machine after the customer is done, but hasn’t closed the browser, they might have access to details and capabilities the customer didn’t intend to share. Having the session expire will prevent a future messy situation.
Session time outs aren’t unique to American Airlines. Banking sites, business tools, and other applications will log someone off if they take too long to complete the transaction or leave the application without activity for a long period.
Often, the session timeout invokes a Your session expired design pattern. This message pops up after some arbitrarily chosen time period. For most users, this revelation is rarely good news. Either an important function has been interrupted, or it’s just noise that’s confusing.
A Poor Microinteraction that’s Well Intentioned.
The Your session expired design pattern is a microinteraction, an interaction in the design that’s small and functional…