Would there be any negative effects (especially server-wise) of removing the time stamp authorisation routines that check to confirm wether or not the user session has expired, or to set the $auth_time to 24hrs ...?

I'm just curious and wondering if eliminating the 'invalid/expired user session' state would pose a problem to the script. I would still leave the random number though.

The only thing would be that your auth directory would fill up pretty quickly.

------------------
JPD

Quick question...How do I properly set-up my default.cfg file to delete session files on NT? The session files are NOT being deleted from the auth directory. I have the same settings in my default.cfg files running on UNIX and the session files are deleted with NO problem.

I have the following authorization configs:


I know that the range of disconnection in the NT Registry is:

-1 to 65535 (minutes)

I have tried a combination of number for the $auth_time variable to no success.

I have set the auth directory permissions to the following:

IUSR/MACHINENAME : RWXD
IWAM/MACHINENAME: RWXD

Anyone come accross this problem. If so, how did you fix it?

TIA.

Regards,

------------------
Eliot Lee
Founder and Editor
Anthro TECH, L.L.C
http://www.anthrotech.com/
info@anthrotech.com
==========================
Coconino Community College
http://www.coco.cc.az.us/
Web Technology
Coordinator
elee@coco.cc.az.us