Microsoft KB Archive/922878

From BetaArchive Wiki
Knowledge Base


The actual idle time-out period may be shorter than the value that you configure in the Idle Session Timeout area for OWA forms-based authentication in ISA Server 2004

Article ID: 922878

Article Last Modified on 12/4/2007



APPLIES TO

  • Microsoft Internet Security and Acceleration Server 2006 Standard Edition
  • Microsoft Internet Security and Acceleration Server 2006 Enterprise Edition
  • Microsoft Internet Security and Acceleration Server 2004 Enterprise Edition
  • Microsoft Internet Security and Acceleration Server 2004 Standard Edition



INTRODUCTION

An Outlook Web Access (OWA) client session in Microsoft Internet Security and Acceleration (ISA) Server 2004 may time-out before the idle session time-out period that you configure in ISA Server 2004. This article describes why this behavior may occur.

MORE INFORMATION

When you publish OWA through Microsoft ISA Server 2004 by using forms-based authentication, you can configure the idle session time-out period for client computers. You can do this by entering a time value in the Idle Session Timeout area for public computers and private computers. However, the client session may time-out before the idle session time-out period that you configure in ISA Server 2004.

The idle session time-out is configured in ISA Server 2004 by converting the total time-out period into three session renewal periods. ISA Server 2004 divides the idle session time-out period by three to create the session renewal period.

Additionally, a session key is used to decrypt the client cookies that are created for each client session. ISA Server 2004 stores three keys at a time in the buffer. When the client computer provides a cookie that any of the keys in the buffer cannot decrypt, ISA Server 2004 closes the client session.Therefore, the idle time that causes the client session to time-out can be any value between 2*Idle Session Timeout period/3 and Idle Session Timeout period. For example, when you configure the idle session time-out period to be 30 minutes, the client session may time-out when the idle time is between to 20 minutes or 30 minutes.

Keywords: kbhowto kbinfo KB922878