The system does not require or interfere with client browser cookies. Domain limited session cookies are sent by the isapi authentication filter as an additional identification mechanism, however, they are not required. Session cookies expire at the end of a browser session and are not stored on a users hard disk ...
The isapi authentication filter implements several mechanisms to ensure the proper use of passwords. Both the speed and network source of password attempts is monitored. High speed multiple attempts are interpreted as being sourced from automated password cracking and password hurler programs. Multiple attempts from multiple network sources are interpreted as sourced by password cracking, password hurling or password sharing ...