nishita jain wrote:

> Hi,
> My system is managed using NAM. We have protected all the URLs in
> access gateway with a custom authentication contract.
> Now what we want to do is to set two types of timeout -
> 1. Idle timeout - the user logs in, if (s)he doesn't do any activity
> for n minutes then the user should be logged-out.
> 2. Session timeout - the user logs in, is doing some activity, still
> after n minutes (s)he should be logged-out.
> As per my understanding, first kind of timeout is satisfied by setting
> Authentication Timeout while Configuring Authentication Contracts. Is
> this correct?

That is correct

> Also how to meet the second timeout requirement?

You can't as far as I know. Additionally, wouldn't the user get pretty
upset when you would do this? I would get pretty p!ssed off if I would
get tossed out of a session while working