On Mon, Apr 20, 2009 4:50 PM, Chris Lafty <cla...@stlawu.edu> wrote:
> Can you kill an 
> application cookie and not automatically create another?  For example, 
> can we configure IISCosign to ask for the password again for just this 
> one site?  Any other ideas on how we can segment session time outs for 
> one application would be greatly appreciated.  Otherwise, the 
> programmers will have to write code to reauthenticate internally within 
> the site.
>   

It's not exactly what you want, but you could use the CosignService 
directive to set a separate service cookie for the one application that 
was different from other applications on the same server, and set up an 
automated task (or similar) to delete any service cookie with that name 
from your cookie database if it's more than 20 minutes old.  On your 
central weblogin servers, specify that that service cookie name requires 
reauthentication.

The user will then be asked to reauthenticate the first time they visit 
that special web application, plus every 20 minutes thereafter, but 
other web applications will not be affected.

                Mark Montague
                ITCS Web/Database Team
                The University of Michigan
                markm...@umich.edu
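The automated cleanup task described above, as an added example that is not part of the original message or of the Cosign project. It assumes the filter's cookie database is a directory holding one file per session named `<service>=<cookie value>`; the service name `cosign-payroll`, the sample file names, and the use of file mtime as the cookie's age are all assumptions.

```python
import os
import stat
import tempfile
import time

MAX_AGE_SECONDS = 20 * 60  # the 20-minute window from the reply above

def prune_service_cookies(db_dir, service, max_age=MAX_AGE_SECONDS, now=None):
    """Delete cookie files of one service older than max_age seconds."""
    # Assumed layout: one file per session, "<service>=<cookie value>".
    # Age comes from mtime, assuming the filter does not rewrite the file.
    now = time.time() if now is None else now
    prefix = service + "="  # the "=" keeps "cosign-payroll2" out of scope
    removed = []
    with os.scandir(db_dir) as entries:
        for entry in entries:
            if not entry.name.startswith(prefix):
                continue
            st = entry.stat(follow_symlinks=False)
            if not stat.S_ISREG(st.st_mode):
                continue  # never follow links or touch directories
            if now - st.st_mtime <= max_age:
                continue  # still inside the window
            try:
                os.unlink(entry.path)
            except FileNotFoundError:
                continue  # the filter expired it first
            removed.append(entry.name)
    return sorted(removed)

def demo():
    now = time.time()
    ages = {  # constructed sample names -> age in minutes
        "cosign-payroll=OLDCOOKIE": 25,
        "cosign-payroll=FRESHCOOKIE": 5,
        "cosign-payroll2=OLDCOOKIE": 25,
        "cosign-intranet=OLDCOOKIE": 25,
    }
    with tempfile.TemporaryDirectory() as db:
        for name, minutes in ages.items():
            path = os.path.join(db, name)
            open(path, "w").close()
            os.utime(path, (now - minutes * 60,) * 2)
        removed = prune_service_cookies(db, "cosign-payroll", now=now)
        return removed, sorted(os.listdir(db))

if __name__ == "__main__":
    print(demo())
```

Scheduled every minute or so, this makes the 20 minutes an absolute limit counted from when the cookie file was last written, not an idle timeout.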



_______________________________________________
Cosign-discuss mailing list
Cosign-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/cosign-discuss
