Dev Guide
Dev GuideAPI ReferenceUser GuideGitHubDev CommunityOptimizely AcademySubmit a ticketLog In
Dev Guide

Timeouts and passwords

Describes timeouts and passwords in Optimizely Configured Commerce.

When working with Optimizely {user["product-name"]}, there are number of options for controlling the specifics related to timeouts and passwords. Some of these options are configurable, while others are not.

Admin console

General settings

  • Timeout is set to 15 minutes and is not configurable in order to maintain compliance with PA-DSS.
  • Users who have the role ISC_Admin, ISC_System, or ISC_Integration, the password expires after 90 days (passwords for website users do not expire).

Password complexity settings

The settings to control password complexity are found in the Startup.Auth.cs file:

// Configure validation logic for passwords

SecurityOptions.PasswordValidatorOptions = new PasswordValidatorOptions

// Configure validation logic for passwords
SecurityOptions.PasswordValidatorOptions = new PasswordValidatorOptions
{
    RequiredLength = 7, 
    RequireNonLetterOrDigit = false, 
    RequireDigit = true, 
    RequireLowercase = false, 
    RequireUppercase = false
};

Website timeout settings

The setting that controls the website timeout for 4.x is found within Startup.Auth.cs.:

SecurityOptions.AuthenticationCookieLifetime = Convert.ToInt32(TimeSpan.FromMinutes(20).TotalSeconds);

The setting that controls the website timeout for 4.x is found within Startup.Auth.cs.


Did this page help you?