Timeouts and passwords
Describes timeouts and passwords in Optimizely Configured Commerce.
When working with Optimizely {user["product-name"]}, there are number of options for controlling the specifics related to timeouts and passwords. Some of these options are configurable, while others are not.
Admin console
General settings
- Timeout is set to 15 minutes and is not configurable in order to maintain compliance with PA-DSS.
- Users who have the role ISC_Admin, ISC_System, or ISC_Integration, the password expires after 90 days (passwords for website users do not expire).
Password complexity settings
The settings to control password complexity are found in the Startup.Auth.cs file:
// Configure validation logic for passwords
SecurityOptions.PasswordValidatorOptions = new PasswordValidatorOptions
// Configure validation logic for passwords
SecurityOptions.PasswordValidatorOptions = new PasswordValidatorOptions
{
RequiredLength = 7,
RequireNonLetterOrDigit = false,
RequireDigit = true,
RequireLowercase = false,
RequireUppercase = false
};Website timeout settings
The setting that controls the website timeout for 4.x is found within Startup.Auth.cs.:
SecurityOptions.AuthenticationCookieLifetime = Convert.ToInt32(TimeSpan.FromMinutes(20).TotalSeconds);
The setting that controls the website timeout for 4.x is found within Startup.Auth.cs.
Updated 14 days ago
Did this page help you?
