The "Advanced Security Settings" dialog provides extended security configuration options, which further improve the usability and security of your Web application. The following options are provided:
Parameter | Description
---|---
Session Variables | In this section you can specify the names of the three session variables listed below, which are created automatically when a user logs in and preserved for the duration of the user session. A user is considered to be logged in as long as these variables are present. For security reasons it is recommended that you use different variable names for different applications hosted on the same server, especially if they are served via a single domain name. This prevents a user from gaining access to multiple applications after logging in to one.
User Id Variable | Defines the name of the session variable that stores the id of the currently logged-in user. You can also use this session variable as a form data source parameter, for example to display data that belongs to the current user.
User Login Variable | Defines the name of the session variable that stores the login of the currently logged-in user.
Group ID Variable | Defines the name of the session variable that stores the security group of the currently logged-in user. This session variable is then used to determine if the current user has access to restricted pages and forms.
[x] Encrypt passwords using | Enable this feature if: Notes:
Database Function | Database encryption function or database expression to be used to encrypt the password string. Provide the name of a database function that accepts a single string value to be encrypted; you do not need to include the string argument. Alternatively, you can specify a database expression and include {password} as the argument in place of the string to be encrypted. Note: User passwords transferred from one database type to another, for example from MySQL to MS SQL Server, may become invalid if the new database doesn't support a compatible encryption function.
Code Expression | Programming code to be used to encrypt the password string. Specify an encryption function and include {password} in place of the string to be encrypted. Examples of code expressions for supported programming languages:
[x] Enable 'Remember Me' feature | Enables the Remember Me feature on login forms and allows the application to skip the login process during subsequent login attempts.
Cookie Name | Defines the name of the cookie that stores user login information.
Expiring in (Numeric) | Specifies the number of days before the cookie expires. The user will be prompted to log in again after this period.
Sliding Expiration | Specifies whether the cookie expiration should be reset to the "Expiring in" value upon each successful login. This extends the life of the cookie each time the user is successfully authenticated.
Encryption Key | 128-bit encryption key used to encrypt the user login and password before storing them in a cookie. CCS automatically generates a default encryption key, unique for each project, which can then be changed in this dialog. However, changing the encryption key will reset the 'Remember me' feature by requiring users with previously saved passwords to log in again manually during their next visit.
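
The two forms of the "Database Function" setting described above (a bare function name, or an expression containing {password}) can be read as expanding into the login comparison as in the following added example, which is not CodeCharge Studio's own code. How CCS expands the setting internally is not stated on this page; the `users` table, its columns and the `SHA256HEX` function (a stand-in registered in an in-memory SQLite database) are assumptions, and the data is constructed.

```python
import hashlib
import re
import sqlite3

PLACEHOLDER = "{password}"
BARE_NAME = re.compile(r"[A-Za-z_][A-Za-z0-9_]*\Z")


def password_sql(setting):
    """Expand a 'Database Function' setting into SQL using a bound parameter."""
    setting = setting.strip()
    if PLACEHOLDER in setting:
        # Expression form: {password} marks where the string goes.
        return setting.replace(PLACEHOLDER, ":password")
    if not BARE_NAME.match(setting):
        raise ValueError("expected a function name or a {password} expression")
    # Function-name form: the single string argument is implied.
    return setting + "(:password)"


def check_login(db, setting, login, password):
    """Return the user id when the transformed password equals the stored one."""
    sql = ("SELECT user_id FROM users WHERE user_login = :login "
           "AND user_password = " + password_sql(setting))
    row = db.execute(sql, {"login": login, "password": password}).fetchone()
    return row[0] if row else None


def demo_db():
    """Constructed sample data; SHA256HEX is a stand-in registered for SQLite."""
    db = sqlite3.connect(":memory:")
    db.create_function(
        "SHA256HEX", 1, lambda s: hashlib.sha256(s.encode()).hexdigest())
    db.execute("CREATE TABLE users (user_id INTEGER, user_login TEXT, "
               "user_password TEXT)")
    db.execute("INSERT INTO users VALUES (1, 'alice', SHA256HEX('s3cret'))")
    return db


if __name__ == "__main__":
    db = demo_db()
    for setting in ("SHA256HEX", "SHA256HEX({password})",
                    "SUBSTR(SHA256HEX({password}), 1, 32)"):
        print(setting, "->", check_login(db, setting, "alice", "s3cret"))
```

The third setting stands in for a function whose output differs from the one used when the password was stored, as can happen after moving to another database type: the same password no longer matches.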