Topics

Session-Based Web Authentication will return error messages for login failures and session timeouts. This is accomplished by configuring two fields on your custom login form (reasontext and reasontype fields). Domcfg.ntf has been updated to include these two new fields in the default form provided, $$LoginForm. (To obtain the changes, you must refresh or replace the design of domcfg.nsf with the new domcfg.ntf.)

The four cases that cause the Login form to appear are listed below, which are encoded in the field "reasontype".

• Prompt for the user to log in, at which no error message will display.
• "You are not authorized to perform this operation." The user is authenticated with correct credentials for the server but is not authorized to the database or file, for example.
• "Invalid username or password was specified." The user has given an incorrect name or password.
• "Your session with the server has expired. The current operation was not executed." This occurs when the browser has not sent a request to the server in the given amount of time as configured in the server document (default=30 minutes). If the session times out, they will lose what hasn't been saved. We recommend that administrators lengthen the server's session timeout, if this occurs frequently, to perhaps the length of a workday.