Matty B

Reputation: 1058

SimpleSAMLphp Stay Logged In

I am confused regarding the cookie settings in config.php.

I have one identity provider and three service providers. I want my users to be able to stay logged in when they revisit the site within x number of days. I've set session.cookie.lifetime to be 7 days (60*60*24*30).

And session.duration is set to the default 8 hours (60*60*8).

How do I use the cookie to automatically log the user back in if it has not expired? The session duration seems to be taking precedence over the cookie lifetime.

Upvotes: 1

Views: 3949

Answers (1)

jornane

Reputation: 1515

The cookie is validated using the session data, so both session.duration and session.cookie.lifetime must be at least seven days in your case. The cookie won't work when the session is expired.

It is generally a good idea to choose session.duration a little larger than session.cookie.lifetime to allow for clock skew.

Upvotes: 3
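The rule from the answer, written as a small check over the two config.php values. This is an added example, not code from the answer or from SimpleSAMLphp; the function name `checkSessionLifetimes` and the five-minute skew margin are assumptions.

```php
<?php
// Added example. Only 'session.duration' and 'session.cookie.lifetime'
// are real config.php options; everything else here is illustrative.
const SKEW_MARGIN = 300; // assumed slack for clock skew, in seconds

/** Return a list of problems with the two session settings (empty = OK). */
function checkSessionLifetimes(array $config, int $margin = SKEW_MARGIN): array
{
    $duration = (int) $config['session.duration'];
    $cookie   = (int) $config['session.cookie.lifetime'];
    $problems = [];

    if ($duration <= 0) {
        $problems[] = 'session.duration must be a positive number of seconds';
    }
    if ($cookie === 0) {
        // 0 means a browser-session cookie: it is dropped when the browser
        // closes, so there is nothing to compare against the session.
        return $problems;
    }
    if ($cookie > $duration) {
        $problems[] = sprintf(
            'cookie outlives the session by %d s; it is useless once the session expires',
            $cookie - $duration
        );
    } elseif ($duration - $cookie < $margin) {
        $problems[] = sprintf('session.duration should exceed the cookie lifetime by >= %d s', $margin);
    }
    return $problems;
}

$candidates = [
    // Values as written in the question. Note that 60*60*24*30 is 30 days.
    'as posted' => ['session.duration' => 60 * 60 * 8, 'session.cookie.lifetime' => 60 * 60 * 24 * 30],
    // Seven-day cookie with a session that lasts slightly longer.
    'seven days' => [
        'session.duration'        => 7 * 24 * 60 * 60 + SKEW_MARGIN,
        'session.cookie.lifetime' => 7 * 24 * 60 * 60,
    ],
];

foreach ($candidates as $label => $config) {
    $problems = checkSessionLifetimes($config);
    echo $label, ': ', $problems ? implode('; ', $problems) : 'OK', PHP_EOL;
}
```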
