This article applies to:
- Trustwave MailMarshal (SEG) 6.4 and above
- Trustwave SPE/MailMarshal SPE 2.3 and above
- Trustwave ECM/MailMarshal Exchange 7.X
- Spam Quarantine Management website
- Quarantine Management website
- SPE Customer Console and SQM
- Forms authentication
Symptoms:
- Remember Me is selected on the site login page
- User credentials are only remembered for a short time of inactivity. Users are asked to enter credentials after about 20 minutes.
- With SPE, the "Default Session Timeout" setting in the Admin Console cannot be used to extend the Customer Console timeout to more than 20 minutes.
Causes:
- The Remember Me function uses ASP.NET authentication cookies. By default the cookies time out after 20 or 30 minutes, depending on the version of ASP.NET originally installed.
- Trustwave recommends you maintain the default timeout for security reasons.
Resolution:
To extend the timeout, change the forms authentication configuration settings for the affected web sites or virtual directories.
Notes:
- If you have more than one SQM web server or SPE Customer Console server, you must perform these steps on each web server.
- For SPE, you must configure the SQM virtual directory as well as the Customer Console site. The site setting is not inherited by the SQM directory/application.
- On the web server, open IIS Manager.
- Navigate to the properties of the virtual directory or website you want to configure.
- For SEG SQM, by default, this is Default Web Site/SpamConsole
- For ECM quarantine management, by default, this is MailMarshal Exchange Web Components/QuarantineConsole
- For SPE Customer Console, by default, this is the website Customer Console
- For SPE SQM, by default, this is Customer Console/SQM
- In the IIS section, double-click Authentication.
- On the Authentication page, select Forms Authentication and then click Edit (from the right pane Actions list).
- On the Forms Authentication Settings window, set the authentication cookie time-out to a longer value (in minutes). Ensure that Extend cookie expiration is checked.
- Click OK.
- When you have changed all required settings, exit IIS manager.
- For SPE, remember to change the "Default Session Timeout" setting in the Admin Console.
Notes:
- This problem does not affect Windows authentication.