1

In our Azure AD B2C Sign Up policy settings, we have the Web App Session Life Time.

Even though it's set to the maximum (ie 1440 minutes), I saw that the x-ms-cpim-sso:myApp.onmicrosoft.com_0 is set to "When the browsing session ends" when I explored in Chrome. I think due to this, when I close all Chrome browser tabs, and when I come back to my SPA, it redirects to the login page again.

Is it the default behavior when I use MSAL.JS in an SPA? Any way to set it to "Never expire" apart from using KMSI? I want to keep my users always signed in.

Already checked SPA App Azure B2C Authentication with MSAL. Keep user logged in

Marilee Turscak - MSFT
  • 7,367
  • 3
  • 18
  • 28
Srivathsan S
  • 11
  • 2

1 Answers1

0

Web app session timeout is used for the cookie at B2C, so if you login in a second B2C secured app, you don't need to relogin at B2C. This isn't the value you are looking for.

The token lifetime should be copied to your own environment. Check out some documentation about UseTokenLifetime

Code fragment:

 app.UseOpenIdConnectAuthentication(
   new OpenIdConnectAuthenticationOptions
   {
       ....
       UseTokenLifetime = true,
       ....
   }

Read more about this issue here >

Marilee Turscak - MSFT
  • 7,367
  • 3
  • 18
  • 28