I am trying to understand this ASP.Net application so i hope you can
help me

We have a wish to change the application so that internal users will
have more time before the application times out.(when a uses is on the
site - they will be arsked to log in again after a certain amount of
time)

My problem is that i see a lot of different timeout functions in Use
and i Would like to now how one is diferent from the other - because
changing either of them dosent seem to change anything.

We have this in Web.Config:

<CommerceServer>
<application siteName="CustomersLounge3" debugLevel="Checked"/>
<authentication ticketTimeOut="30" detectCookies="true"/>
<pipelines/>
<caches/>
<commerceEvent>
<add className="Microsoft.CommerceServer.Runtime.AddItemToBasketEvent"
id="AddItemToBasket"/>
<add className="Microsoft.CommerceServer.Runtime.RemoveItemFromBasketEvent"
id="RemoveItemFromBasket"/>
<add className="Microsoft.CommerceServer.Runtime.SubmitOrderEvent"
id="SubmitOrder" loggingEnabled="true"/>
</commerceEvent>
</CommerceServer>

<sessionState mode="InProc"
stateConnectionString="tcpip=127.0.0.1:42424"
sqlConnectionString="data source=127.0.0.1;user id=sa;password=sa"
cookieless="false" timeout="20"/>

Login.aspx.cs:


authInfo.SetAuthTicket(userId, true, 20);
//Create the profile ticket.
authInfo.SetProfileTicket(userId, true);
Global.RecordSessionData(cp,this.Request,this.Session);
FormsAuthentication.SetAuthCookie(this.UserID.Text,false);

I small explanation about the different types of timeout would be nice

Regards

kim

[ Post a follow-up to this message ]

Thank you for using Microsoft Newsgroups.

See the product documentation section titled Commerce Server 2002 >
Developer's Guide > Programmer's Reference > .NET Class Reference >
Microsoft .CommerceServer.RunTime > AuthManager Class (BCL) > AuthManager
Methods (BCL) > AuthManager.SetAuthTicket  (String, Boolean, Int32) Method
(BCL).

The setting for timewindow parameter will determine how long the user is
logged.  There are other factor such as the timewindow in which the filter
checks whether it is a valid user.

This information is valid if you are using AuthFilter/either custom or
windows authentication which looks like you do from the code included in
the posting.  You can increase the time "
authInfo.SetAuthTicket(userId, true, 20);" from 20 to a higher number and
test.   The default is 90, do you know why it was set to 20?

Maria Quian
Microsoft Technical Support

This posting is provided "AS IS" with no warranties, and confers no rights.
You assume all risk for your use. © 2002 Microsoft Corporation. All rights
reserved.

[ Post a follow-up to this message ]

mquian@online.microsoft.com (Maria Quian [MSFT]) wrote in message news:<iQHZFdzoEHA.3468
@cpmsftngxa06.phx.gbl>...
> Thank you for using Microsoft Newsgroups.
>
> See the product documentation section titled Commerce Server 2002 >
> Developer's Guide > Programmer's Reference > .NET Class Reference >
> Microsoft .CommerceServer.RunTime > AuthManager Class (BCL) > AuthManager
> Methods (BCL) > AuthManager.SetAuthTicket  (String, Boolean, Int32) Method
> (BCL).
>
> The setting for timewindow parameter will determine how long the user is
> logged.  There are other factor such as the timewindow in which the filter
> checks whether it is a valid user.
>
> This information is valid if you are using AuthFilter/either custom or
> windows authentication which looks like you do from the code included in
> the posting.  You can increase the time "
> authInfo.SetAuthTicket(userId, true, 20);" from 20 to a higher number and
> test.   The default is 90, do you know why it was set to 20?
>
> Maria Quian
> Microsoft Technical Support
>
> This posting is provided "AS IS" with no warranties, and confers no rights
.
> You assume all risk for your use. © 2002 Microsoft Corporation. All rights
> reserved.
> --


Hi Again


I have already looked in the documentation and tried to set the
timewindow down to 1 min. - but as mentioned earlyer it dosent seem to
have any affect on the application.

we are using Form authentication:

(from web.config)

<authentication mode="Forms" >
<forms loginUrl="AuthFiles/Login.aspx"/>
</authentication>

I am not sure if we use AuthFilter

I dont no why i was changed from 90 to 20

we use this to determine if a user is authenticated:

System.Web.HttpContext.Current.User

[ Post a follow-up to this message ]

Thank you for using Microsoft Newsgroups.

You can determine if you are using AuthFilter by checking for ISAPI filters
at the IIS server and web site level.  It is called CSAuthFilter > go to
properties for the server or the web site and select ISAPI filters tab.

You probably want to go up in your timewindows
"authInfo.SetAuthTicket(userId, true, 20);" so users have a bigger slide
window to stay logged.


Maria Quian
Microsoft Technical Support

This posting is provided "AS IS" with no warranties, and confers no rights.
You assume all risk for your use. © 2002 Microsoft Corporation. All rights
reserved.

[ Post a follow-up to this message ]