I am always amazed when I client 'truly needs' to do something I have never heard of or thought of before.
We have a DNN based eCommerce solution. The powers that be (huge organization, not really possible to question their requirements) just handed down new security requirements that state simply, when the user can transmit sensitive data (credit card (CC) info in this case), the session timeout is required to be no more than 15 mins.
So yes, pretty poor user experience IMHO. Nothing I can do about that.
The surprise... since the organizations staff never sees or enters CC info, they don't want to be logged out when they step aware for 15 minutes (common for the shipping folks).
So... I know how to set DNN so logins persist for 15 mins (or whatever I want). But how can I set it so that all the customers only persist for 15 mins, but the staff (and maybe 1 other role as well as Admins and Superusers) all have a 2 day login persistence like they currently enjoy?