ace00002.gif Expiring Cookies After an Idle Timeout Period


To increase the effectiveness of idle timeout cookies, instruct your tokenholders to update their pages every time they visit a URL. This precaution will ensure that the cookies are refreshed accordingly. If the cookies are not refreshed from time to time, the ACE/Agent will not have a chance to update the cookie and tokenholders will be asked to authenticate before the cookie’s timeout period expires.

To ensure that WebID cookies are refreshed:


To have idle WebID cookies expire after a timeout period:

ace00005.gif Note: A shorter timeout period is less convenient for users, but it is more secure.

  1. Start the ACE/Agent Administration applet.
       
  2. Under Cookie Expiration Control, select the Cookies expire if not used for specified time radio button.
       
  3. In the Expiration time field, enter the number of minutes that you want an idle cookie to last. The maximum number of minutes you can enter is 1440 (one day).
       
  4. Click Apply.

Expiring Cookies Automatically after a Specified time