INFO: Recommendations for Commerce Server Sites That Do Not Use the AuthFilter ISAPI Filter (829612)


The information in this article applies to:

  • Microsoft Commerce Server 2002
  • Microsoft Commerce Server 2000

SUMMARY

Support files for using the Microsoft Commerce Server AuthFilter Internet Server API (ISAPI) filter are included with Microsoft Commerce Server 2002, with Commerce Server 2000, and with the solution sites for Commerce Server 2002. These support files are located in a folder that is named Authfiles.

MORE INFORMATION

To avoid issuing unnecessary cookies to users, it is a good idea to make the following changes to the Login.asp file that is located in the Authfiles folder:
  • Comment out or delete the following line of code from the Login.asp file of any site that does not use the AuthFilter ISAPI filter: 
    objAuth.SetAuthTicket strUserID, True, 90
  • If the site uses the AuthFilter filter, make sure that the site is issuing authentication tickets that are based on a GUID instead of on a user name (as in the Commerce Server Retail sample site and the Commerce Server Supplier sample site). An implementation that issues authentication tickets that are based on a GUID is preferred over an implementation that bases its authentication tickets on a user name. A GUID is a unique identifier. Therefore, it is more suitable to use as a base for an authentication ticket.
Dimitri van de Giessen, d.vd.giessen@xs4all.nl contributed to this article.
Modification Type:MinorLast Reviewed:11/13/2003
Keywords:kbinfo KB829612 kbAudDeveloper
©2003 Microsoft Corporation. All rights reserved.