Dev GuideAPI Reference
Dev GuideAPI ReferenceUser GuideGitHubNuGetDev CommunityDoc feedbackLog In

Timeouts and passwords

This topic describes timeouts and passwords in Optimizely Configured Commerce.

When working with Optimizely Configured Commerce, there are number of options for controlling the specifics related to timeouts and passwords. Some of these options are configurable, while others are not.

Admin console

General settings

  • Timeout is set to 15 minutes and is not configurable in order to maintain compliance with PA-DSS.
  • Users who have the role ISC_Admin, ISC_System, or ISC_Integration, the password expires after 90 days (passwords for website users do not expire).

Password complexity settings

The settings to control password complexity are found in the Startup.Auth.cs file:

// Configure validation logic for passwords

SecurityOptions.PasswordValidatorOptions = new PasswordValidatorOptions

// Configure validation logic for passwords
SecurityOptions.PasswordValidatorOptions = new PasswordValidatorOptions
{
    RequiredLength = 7, 
    RequireNonLetterOrDigit = false, 
    RequireDigit = true, 
    RequireLowercase = false, 
    RequireUppercase = false
};

Website Timeout Settings

The setting that controls the website timeout for 4.x is found within Startup.Auth.cs.:

SecurityOptions.AuthenticationCookieLifetime = Convert.ToInt32(TimeSpan.FromMinutes(20).TotalSeconds);

The setting that controls the website timeout for 4.x is found within Startup.Auth.cs.