SQM or Customer Console "Remember Me" not working


This article applies to:

  • Trustwave MailMarshal (SEG) 6.4 and above
  • Trustwave SPE/MailMarshal SPE 2.3 and above 
  • Trustwave ECM/MailMarshal Exchange 7.X
  • Spam Quarantine Management website
  • Quarantine Management website
  • SPE Customer Console and SQM
  • Forms authentication

Symptoms:

  • Remember Me is selected on the site login page
  • User credentials are only remembered for a short time of inactivity. Users are asked to enter credentials after about 20 minutes. 
  • With SPE, the "Default Session Timeout" setting in the Admin Console cannot be used to extend the Customer Console timeout to more than 20 minutes.

Causes:

  • The Remember Me function uses ASP.NET authentication cookies. By default the cookies time out after 20 or 30 minutes, depending on the version of ASP.NET originally installed.
  • Trustwave recommends you maintain the default timeout for security reasons.

Resolution:

To extend the timeout, change the forms authentication configuration settings for the affected web sites or virtual directories.

Notes:

  • If you have more than one SQM web server or SPE Customer Console server, you must perform these steps on each web server.
  • For SPE, you must configure the SQM virtual directory as well as the Customer Console site. The site setting is not inherited by the SQM directory/application.
  1. On the web server, open IIS Manager.
  2. Navigate to the properties of the virtual directory or website you want to configure.
    • For SEG SQM, by default, this is Default Web Site/SpamConsole
    • For ECM quarantine management, by default, this is MailMarshal Exchange Web Components/QuarantineConsole
    • For SPE Customer Console, by default, this is the website Customer Console
    • For SPE SQM, by default, this is Customer Console/SQM
       

       
  3. In the IIS section, double-click Authentication.
  4. On the Authentication page, select Forms Authentication and then click Edit (from the right pane Actions list).
     

     
  5. On the Forms Authentication Settings window, set the authentication cookie time-out to a longer value (in minutes). Ensure that Extend cookie expiration is checked.
  6. Click OK.
  7. When you have changed all required settings, exit IIS manager.
  8. For SPE, remember to change the "Default Session Timeout" setting in the Admin Console.

Notes:

  • This problem does not affect Windows authentication.

Last Modified 3/1/2020.
https://support.trustwave.com/kb/KnowledgebaseArticle12888.aspx