LoginOS
← Patterns

Pattern 09

Session expiry transparency

Always communicate session duration up front, and warn before expiry when there's active or unsaved work at stake.

Sessions Trust

Problem

Silent session expiry — a user returns to find themselves logged out with no explanation — feels like a bug and often loses unsaved work.

Recommendation

Always communicate session duration up front, and warn before expiry when there's active or unsaved work at stake.

UX impact

Removes the confusing, unexplained logout moment that erodes trust in the product's reliability.

Security impact

Encourages shorter, safer session lifetimes because the tradeoff is now visible and explained, rather than hidden to avoid user friction.

Implementation notes

Trigger a warning toast a fixed interval before expiry, and offer one-tap re-authentication (biometric or passkey) instead of a full login form.