The time stamp specifying when the client-principal object will expire. If the client-principal object expires before you can seal or validate it, and you attempt to use it, the AVM sets the LOGIN-STATE attribute to "EXPIRED" and you can no longer validate or use the client-principal object.

Note: If you set the attribute to the Unknown value (?), the client-principal is reset to have no expiration.

Data type: DATETIME-TZ

Access: Readable/Writeable

Applies to: Client-principal object handle

You can set this attribute to any DATETIME-TZ value, with the following limitations. The value of this attribute:

  • Is truncated to the second
  • Can have no greater precision than seconds
  • Can have a minimum value of 1/1/1970 00:00:01.000-00:00
  • On 32-bit platforms, can have the following maximum value: 1/19/2038 00:00:00.000-00:00
  • On 64-bit platforms, has no meaningful maximum value

Any attempt to set a value that does not conform to these limitations returns a message in the ERROR-STATUS system handle and leaves the previous value unchanged.

If not set or reset to the Unknown value (?), the AVM will never place the client-principal object in an EXPIRED login state. In either case, reading the attribute returns the Unknown value (?).

Note: The AVM recognizes that a client-principal object has expired only when it tries to use it with the SEAL( ) method, SECURITY-POLICY:SET-CLIENT( ) method, SET-DB-CLIENT function, IMPORT-PRINCIPAL( ) method, or VALIDATE-SEAL( ) method.

Once the client-principal object is sealed, this attribute is read-only.

See also

LOGIN-STATE attribute