Expiring Cookies After an Idle
Timeout Period
To increase the
effectiveness of idle timeout cookies, instruct your tokenholders
to update their pages every time they visit a URL. This
precaution will ensure that the cookies are refreshed
accordingly. If the cookies are not refreshed from time to time,
the ACE/Agent will not have a chance to update the cookie and
tokenholders will be asked to authenticate before the
cookies timeout period expires.
To ensure that WebID
cookies are refreshed:
- Tell your Netscape
Navigator users to go to the Options > Network
Preferences > Cache properties page and enable the
Verify Documents: Every Time option.
- Tell your Microsoft
Internet Explorer users to go to the View > Options
> Advanced properties page, click the Settings
button, and select the Every visit to the
page option.
To have idle WebID
cookies expire after a timeout period:
Note: A shorter
timeout period is less convenient for users, but it is more
secure.
- Start the ACE/Agent
Administration applet.
- Under Cookie
Expiration Control, select the Cookies expire if
not used for specified time radio button.
- In the Expiration
time field, enter the number of minutes that you want
an idle cookie to last. The maximum number of minutes you
can enter is 1440 (one day).
- Click Apply.
Expiring Cookies Automatically after a
Specified time