
I'm going to go with that old chestnut: It Depends. The author gives a variety of scenarios where the session could be stolen, but doesn't really discuss the context and threat models around them. There is no one-size-fits-all. Shorter expiration times might be the right choice in some scenarios, and useless in others.

Also, yes, shared computers without user separation are still a thing. Not all libraries have the budget or technical expertise to secure shared computers as well as possible. Also, there's public WiFi, something I'm betting the author uses all the time.


