Re: session won't timeout
- From: IanM <IanM@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 23 May 2007 11:04:01 -0700
many apologies Mike for the double post
iisreset - a hundred times
anyone else?
more info
Maybe this is a session cookie issue? When I check the cookies at the
client browser there is this one: WSS_KeepSessionAuthenticated Expires: At
the end of session. If I kill the session cookie using IE Developer Toolbar,
the IIS challenge pops up. If I close the browser also the cookie will be
destroyed.
When I look in the IE cache during a Sharepoint Session there is one cookie
from my web server set to expire in thirty minutes. If I delete it during
the session without closing IE I can continue to stay authenticated and work
as usual. Again, if I used a tool like Developer Toolbar to kill the session
cookie I will be prompted to re-authenticate.
So I guess my question is if anyone knows how to control this cookie
behavior in sharepoint? Can you make it expire in someone's browser? Maybe a
web.confg setting?
Also does anyone know the equivalent command in stsadm for this:
WSS Application General Settings: Security Validation On, Expires after 1
I've had issues before using the UI to make system changes.
Thanks again
"Mike Walsh" wrote:
Please decide whether you post a message to a forum or to a newsgroup..
There's no point in posting identical messages to both Microsoft public
forums and Microsoft public newsgroups on the same day (as you did with this
one).
No answer on the question as you seem to have covered the bases.
I'm surprised this
WSS Application General Settings: Security Validation On, Expires after 1
minute
isn't having the desired effect.
You've run iisreset for luck I suppose.
Mike Walsh
WSS FAQ: www.wssv3faq.com / wss.collutions.com
No private questions please (additions to FAQ welcome)
"IanM" <IanM@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:565AF876-7F3F-4529-B6F1-5BCD69201E0C@xxxxxxxxxxxxxxxx
Hi all,
I'm trying to get my site to re-authenticate the user after a period of
inactivity (to speed testing I'm trying one minute). I'm assuming this is
possible and IIS would throw another challenge . The problem now is that
a
user can leave their computer indefinitely, return, and keep on working.
The
relevant information is as follows:
Authentication mode: Basic Authentication over SSL(selfSSL cert)
authenticating to an AD server.
IIS Connection Timeout: 60 seconds
IIS Content Expiration enabled, expires immediately
ASP State Mgmt: InProc, UseCookies, Session Timeout 1 min.
WSS Application General Settings: Security Validation On, Expires after 1
minute
My environment is:
Windows 2003 R2 Web Edition
WSS 3.0
IIS 6.0
I've been testing on both Firefox and IE browsers, internally and
externally
Any help would be appreciated. Thanks much
Ian
- References:
- Re: session won't timeout
- From: Mike Walsh
- Re: session won't timeout
- Prev by Date: Re: What account can be causing this error?
- Next by Date: To move a Site Collection
- Previous by thread: Re: session won't timeout
- Next by thread: What account can be causing this error?
- Index(es):
Relevant Pages
|
