I want to configure the timeout duration that is applied to the cookies that are created on the relying party after a user logs in through the passive Security Token Service (STS). I believe I read somewhere this is defaulted to 14 minutes; however, I can't find where I read this any longer.

I would like to up this to a more reasonable 35 minutes or so.

Is this the correct value to alter?

    <microsoft.identityModel>
      <service>
        <federatedAuthentication>
          <cookieHandler requireSsl="true" persistentSessionLifetime="#VALUE#" />
        </federatedAuthentication>
      </service>
    </microsoft.identityModel>

If this is the correct location, is the value in minutes? I can't seem to find any documentation on this anywhere.

Brock Adams
Chris Marisic

1 Answer

The description about persistentSessionLifetime in MSDN is not true. For example, if you set it to 1.6:13:45.0, the cookie will expire after 30 hours (1 day + 6 hours) 13 minutes and 45 seconds +/- the maximumClockSkew from <identityConfiguration>. So the description from MSDN should be like the one from TimeSpan: [-]d.hh:mm:ss.ff. I hope Microsoft changes the wrong description.

Stefan
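
The following is an added example, not part of the original question or answer: a small Python check that reads `persistentSessionLifetime` from a config fragment and interprets it using the TimeSpan layout the answer cites, which also shows that a bare integer such as `35` means 35 days rather than 35 minutes. The function names, the one-hour policy limit and the sample config are assumptions made for illustration, and the parser covers only a subset of the .NET TimeSpan format.

```python
import re
import xml.etree.ElementTree as ET
from datetime import timedelta

# Subset of the .NET TimeSpan invariant format: [-]{ d | [d.]hh:mm[:ss[.ff]] }
_TIMESPAN = re.compile(
    r"^\s*(?P<neg>-)?(?:(?P<only_d>\d+)|"
    r"(?:(?P<d>\d+)\.)?(?P<h>\d{1,2}):(?P<m>\d{1,2})"
    r"(?::(?P<s>\d{1,2})(?:\.(?P<f>\d{1,7}))?)?)\s*$"
)

def parse_timespan(text):
    """Return a timedelta for a TimeSpan-style string; ValueError if malformed."""
    match = _TIMESPAN.match(text)
    if not match:
        raise ValueError(f"not a TimeSpan value: {text!r}")
    g = match.groupdict()
    if g["only_d"] is not None:
        # A bare integer is a number of DAYS, not minutes.
        span = timedelta(days=int(g["only_d"]))
    else:
        h, m, s = int(g["h"]), int(g["m"]), int(g["s"] or 0)
        if h > 23 or m > 59 or s > 59:
            raise ValueError(f"component out of range: {text!r}")
        frac = float("0." + g["f"]) if g["f"] else 0.0
        span = timedelta(days=int(g["d"] or 0), hours=h, minutes=m, seconds=s + frac)
    return -span if g["neg"] else span

def audit_cookie_lifetimes(config_xml, max_lifetime):
    """Return (raw value, parsed lifetime, within policy) for each cookieHandler."""
    results = []
    for handler in ET.fromstring(config_xml).iter("cookieHandler"):
        raw = handler.get("persistentSessionLifetime")
        if raw is None:
            continue
        lifetime = parse_timespan(raw)
        results.append((raw, lifetime, timedelta(0) <= lifetime <= max_lifetime))
    return results

# Constructed sample config (assumption): 35 minutes written as h:mm:ss.
SAMPLE = """<microsoft.identityModel><service><federatedAuthentication>
  <cookieHandler requireSsl="true" persistentSessionLifetime="0:35:0" />
</federatedAuthentication></service></microsoft.identityModel>"""

if __name__ == "__main__":
    # Hypothetical policy limit of one hour for the session cookie.
    for row in audit_cookie_lifetimes(SAMPLE, timedelta(hours=1)):
        print(row)
```

The placeholder `#VALUE#` from the question is rejected with a `ValueError`, so an unfilled template is reported rather than silently skipped.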