SP session lifetime/timeout

Mikael Bak bak.mikael at oszk.hu
Wed Jul 24 09:06:54 EDT 2019


On 2019. 07. 18. 15:59, Cantor, Scott wrote:
> On 7/18/19, 9:25 AM, "users on behalf of Mikael Bak" <users-bounces at shibboleth.net on behalf of bak.mikael at oszk.hu> wrote:
>> Is it now safe to assume that my SP is misconfigured?
> Doubt it. Your users are probably changing addresses or engaging in other behavior causing the session to be invalid. The logs are the only way to know, and even then it's a snipe hunt. "My sessions timeout prematurely" is a constant claim that has never been confirmed or demonstrated.
> I guess you can check the cacheAllowance in the SessionCache element, that's the only other setting that can prematurely delete sessions.

You are right.
The shibboleth SP config was ok all the time. The php application (in
this case MediaWiki) did however override the setting and threw away the
session after one hour.


More information about the users mailing list