MattA

Reputation: 21

Azure Easy Auth Session timeout

We have created a VB.NET web app; it is secured with Azure AD Easy Auth.

The custom token policy has been created to log the user out after 20 minutes of inactivity, but the user always remains logged in for 8 hours.

Azure support have advised that this is because of the session cookie used when using Easy Auth overriding the token policy. They also advise this cannot be changed from 8 hours, which is far too long for a web app containing sensitive data.

Has anyone come across this or know of a workaround? As Easy Auth is "code-less" there seems to be nothing I can do in my project to affect this.

Upvotes: 2

Views: 998

Answers (1)

Chris Gillum

Reputation: 15042

I think your Azure Support contact recently asked me about this case. Unfortunately the cookie lifetime is hard-coded at 8 hours. We can add support for making this configurable or to have it match the Azure AD token lifetime, but unfortunately it would take some time before such a change would be able to reach production.

Upvotes: 2
