Not able to persist session idp cookies

Vadaram, Sushanth Sushanth.Vadaram at carrier.com
Tue Dec 8 09:26:42 UTC 2020 

Thanks Nate.

I have set the following properties in idp.properties

idp.cookie.maxAge = 100
idp.storage.htmlLocalStorage = true
idp.session.enabled = true
idp.session.StorageService = shibboleth.ClientPersistentStorageService
idp.session.timeout = PT60M

Is there anything else I need to set for IDP Persistent cookies.



Thanks & Regards,
Sushanth Vadaram

From: users <users-bounces at shibboleth.net> On Behalf Of Vadaram, Sushanth via users
Sent: Tuesday, December 8, 2020 11:28 AM
To: Nate Klingenstein <ndk at signet.id>; Shib Users <users at shibboleth.net>
Cc: Vadaram, Sushanth <Sushanth.Vadaram at carrier.com>
Subject: [External] RE: Not able to persist session idp cookies


[cid:image001.png at 01D6CD72.4E638880]



Expires is set as session and not some time. Is there any way this can be changed from session to some time.



Thanks & Regards,

Sushanth Vadaram

+91-9154096280



-----Original Message-----
From: Nate Klingenstein <ndk at signet.id<mailto:ndk at signet.id>>
Sent: Tuesday, December 8, 2020 10:56 AM
To: Shib Users <users at shibboleth.net<mailto:users at shibboleth.net>>
Cc: Vadaram, Sushanth <Sushanth.Vadaram at carrier.com<mailto:Sushanth.Vadaram at carrier.com>>
Subject: [External] RE: Not able to persist session idp cookies



Sushanth,



> We are seeing that once after successful login and closure of the browser. We are again asked to login when we close the browser.

>

> We did set the idp.session in idp.properties but cookie wasn’t setting the cookie max-age. The value is still session which might be the reason why the session is not getting restored.



I suspect it's because the Cache-Control attributes of the cookie are being set to no-cache and no-store.  I'm not aware of a way to configure the specific flags of the cookie without touching the code, though it may be possible.



https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.com%2Fv3%2F__https%3A%2F%2Fdeveloper.mozilla.org%2Fen-US%2Fdocs%2FWeb%2FHTTP%2FHeaders%2FCache-Control__%3B!!MvWE!XcV15O3SGWrSNRBmvCgN6rSJvIyL-EQ9NqWXR4NFTibbjXv3xP-YHJGecq1Ir5IVQIwq%24&data=04%7C01%7CSushanth.Vadaram%40carrier.com%7Cd787b10f2d784abf869f08d89b39b8cd%7C36839a657f3f4bac9ea4f571f10a9a03%7C0%7C0%7C637430019495281959%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=rr9wlFIrjCxSfTUQzg15zVGeds%2BOrdQtaKQmI2fQyLU%3D&reserved=0<https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.com%2Fv3%2F__https%3A%2F%2Fnam11.safelinks.protection.outlook.com%2F%3Furl%3Dhttps*3A*2F*2Furldefense.com*2Fv3*2F__https*3A*2F*2Fdeveloper.mozilla.org*2Fen-US*2Fdocs*2FWeb*2FHTTP*2FHeaders*2FCache-Control__*3B!!MvWE!XcV15O3SGWrSNRBmvCgN6rSJvIyL-EQ9NqWXR4NFTibbjXv3xP-YHJGecq1Ir5IVQIwq*24%26data%3D04*7C01*7CSushanth.Vadaram*40carrier.com*7Cd787b10f2d784abf869f08d89b39b8cd*7C36839a657f3f4bac9ea4f571f10a9a03*7C0*7C0*7C637430019495281959*7CUnknown*7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0*3D*7C1000%26sdata%3Drr9wlFIrjCxSfTUQzg15zVGeds*2BOrdQtaKQmI2fQyLU*3D%26reserved%3D0__%3BJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUl!!MvWE!TIaV7V_ANMv3KFgvC9ZXARrJc9RCG0y2iba9aREwShA_XW44COA39cIDs9Qy6UbaEmY3%24&data=04%7C01%7CSushanth.Vadaram%40carrier.com%7Cb4e5b3b6a77341cba5b108d89b3e3287%7C36839a657f3f4bac9ea4f571f10a9a03%7C0%7C0%7C637430038718854792%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=MhadegDyN1rwlQdru8%2BdECpoTI47UU4CPcTuspRb7Do%3D&reserved=0>



Maybe someone else on the list has a better idea, Nate.



--------

Signet, Inc.

The Art of Access ®



https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.com%2Fv3%2F__https%3A%2F%2Fwww.signet.id__%3B!!MvWE!XcV15O3SGWrSNRBmvCgN6rSJvIyL-EQ9NqWXR4NFTibbjXv3xP-YHJGecq1Ir1YkY8pc%24&data=04%7C01%7CSushanth.Vadaram%40carrier.com%7Cd787b10f2d784abf869f08d89b39b8cd%7C36839a657f3f4bac9ea4f571f10a9a03%7C0%7C0%7C637430019495281959%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=3ohXcqK6T%2Fv3GwqfkYpuf%2B9f0t4EXTubUtECsi9c5oY%3D&reserved=0<https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.com%2Fv3%2F__https%3A%2F%2Fnam11.safelinks.protection.outlook.com%2F%3Furl%3Dhttps*3A*2F*2Furldefense.com*2Fv3*2F__https*3A*2F*2Fwww.signet.id__*3B!!MvWE!XcV15O3SGWrSNRBmvCgN6rSJvIyL-EQ9NqWXR4NFTibbjXv3xP-YHJGecq1Ir1YkY8pc*24%26data%3D04*7C01*7CSushanth.Vadaram*40carrier.com*7Cd787b10f2d784abf869f08d89b39b8cd*7C36839a657f3f4bac9ea4f571f10a9a03*7C0*7C0*7C637430019495281959*7CUnknown*7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0*3D*7C1000%26sdata%3D3ohXcqK6T*2Fv3GwqfkYpuf*2B9f0t4EXTubUtECsi9c5oY*3D%26reserved%3D0__%3BJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJQ!!MvWE!TIaV7V_ANMv3KFgvC9ZXARrJc9RCG0y2iba9aREwShA_XW44COA39cIDs9Qy6WBljT_0%24&data=04%7C01%7CSushanth.Vadaram%40carrier.com%7Cb4e5b3b6a77341cba5b108d89b3e3287%7C36839a657f3f4bac9ea4f571f10a9a03%7C0%7C0%7C637430038718864785%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=Yqdho7y%2B7yeo63x%2B7CBwUxOTtZ6Kw84BWGmNBbB5vqc%3D&reserved=0>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20201208/ba74bdad/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 16671 bytes
Desc: image001.png
URL: <http://shibboleth.net/pipermail/users/attachments/20201208/ba74bdad/attachment.png>

More information about the users mailing list