http://www.thycotic.com/forums/messages.aspx?TopicID=244 Thycotic Community - Secret Server - Closing tab in Internet Explorer circumvents the timeout value - Messages en-us http://blogs.law.harvard.edu/tech/rss Jitbit AspNetForum Tue, 30 Mar 2010 09:47:17 GMT Tue, 30 Mar 2010 09:47:17 GMT http://www.thycotic.com/forums/messages.aspx?TopicID=244
David
Thycotic Support]]> Tue, 30 Mar 2010 09:47:17 GMT http://www.thycotic.com/forums/messages.aspx?TopicID=244
forms name="ihawu" protection="All" timeout="15" slidingExpiration="true" loginUrl="Login.aspx"

to fall in line with the inactivity timeout of 15 Minutes. Restarted the web server, not sure if I needed to do this or not.

Deane]]> Wed, 13 Jan 2010 01:30:39 GMT http://www.thycotic.com/forums/messages.aspx?TopicID=244
There is a server-side setting for this.

First, you would need to disable the Remember Me feature from the Admin Configuration screen.

Then lower the session timeout in the web.config file. The timeout is in minutes and will look like the line below. (Updated to 5 minutes)

forms name="ihawu" protection="All" timeout="1000000" slidingExpiration="true" loginUrl="Login.aspx"

Setting this timeout will ignore the browser session, and the user will have to login after the timeout period elapses. The timeout begins when the user session becomes inactive.


best,
Scott
Thycotic Support]]> Tue, 12 Jan 2010 11:50:20 GMT http://www.thycotic.com/forums/messages.aspx?TopicID=244
I have what is hopefully an easy question. If I close a tab on Internet Explorer without loggin out of Secret Server and then open a new tab later in the day it will connect me straight through to secret server without logging in. I have a timeout value set to 15 minutes which works fine if you leave the tab logged in. I guess this is something that IIS controls but I'm not sure where to start looking.

Any help would be very much appreciated as this has been spotted by our security guys.

Thanks

Deane]]> Tue, 12 Jan 2010 08:50:23 GMT