-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wednesday 22 May 2002 08:52 am, Anthony Smith wrote: > Basically I am doing something where after 3 bad login attempts for a > user they are disabled, and they are returned back to the login page > telling them that, but each time I return to the login page after less > than 3 login attempts the counter for number of bad login attempts gets > lost.
I realize this doesn't solve the issue with session vars but... Have a look at JetpseedResources.properties (I'm using a recent CVS version). There are some settings that may be of interest to you: # Auto-Account-Disable Feature services.JetspeedSecurity.logon.auto.disable=true # 3 logon strikes per 300 seconds and your out services.JetspeedSecurity.logon.strike.count=3 services.JetspeedSecurity.logon.strike.interval=300 # dont allow more than 10 over any time period services.JetspeedSecurity.logon.strike.max=10 Have you tried setting "logon.strike.max=3"? DP - -- David G. Powers PowerSource -----BEGIN PGP SIGNATURE----- Comment: Verify the authenticity of this message with the public key available at http://pssp.com/dgp_pk.asc iD8DBQE869UrjmjAPDT0/nERAj1zAJwKFiqqmQhpDt4mHo2WoqF32XWbywCeP34M pykjhqPCPQCw6quZV64nDl0= =z9wa -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
