I am trying to gain an idea of how many people would like to have the additional functionality of specifying both an Idle Time out and Session Time out when using LTPA tokens in Domino. The problem I am seeing shows up when using either Domino as a Web App Server, QuickPlace Server or iNotes Server, I am limited to only specifying a single Session Time out value for the LTPA token. My Security Department says the session time out can not exceed 15 minutes. The Security Department is referring to an Idle Session Time out that would occur when the user has not been active for more than 15 minutes.
The problem is we are being forced to set the LTPA Session Time out to 15 minutes and users are hitting the 15 minutes prior to finishing their work. The user is forced to re-authenticate and any work that was not saved prior to the 15 minute time out is lost because now the user is issued a new token and must start the browser session over.
Would you benefit from Domino LTPA tokens having both an Idle Session Time out (set to 15 minutes) that would allow the user to re-authenticate under the same token to continue working AND then specifying a second value for a Timed Session Time out (set to 8 hours) that would drop the LTPA token all together.
If you would benefit from this functionality, please create a response document (preferable) with your company name, release of Domino (r4, r5, r6) and the products (Domino Web Apps, QuickPlace, iNotes, etc.) you are using that would benefit from this functionality.
I’m trying to build up support on this issue and get the Domino Development Team to add this feature to the Web Server functionality.