IIS Server Security - Set force logout if idle

This is Interesting: Free IT Magazines  
Home > Archive > IIS Server Security > November 2007 > Set force logout if idle





You are viewing an archived Text-only version of the thread. To view this thread in it's original format and/or if you want to reply to this thread please [click here]

Author Set force logout if idle
Rick

2007-11-23, 7:30 am

Can I set a idle time limit on a website in IIS to logout a user? does
it have to be a SSL site?

thanks

Rick
David Wang

2007-11-24, 7:17 pm

On Nov 23, 4:13 am, Rick <drummer10...@gmail.com> wrote:
> Can I set a idle time limit on a website in IIS to logout a user? does
> it have to be a SSL site?
>
> thanks
>
> Rick


Technically, there is no such thing as "idle timeout" in HTTP for IIS
to implement because HTTP is stateless -- i.e. nothing to idle timeout
if there is no state. Thus, IIS doesn't have anything that looks like
"idle timeout".

However, application platforms on top of IIS, like ASP, ASP.Net, PHP,
etc as well as Authentication protocols such as Basic, NTLM, and
Kerberos, do have notions of state and hence timeout since they have
ways to maintaining state using HTTP. They are all configured
differently.

Thus, the answer to your question really depends on the application
you are talking about and how it is written.


//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang
//
Sponsored Links






Free braindumps | Software forum | Database administration forum

Copyright 2003 - 2008 webservertalk.com