问题
I think the default timeout is something like every half hour.
I'd like to change this to 2 weeks. Anyone got any ideas?
Is this done usually from the STS side or the client side? Is forms authentication getting in the way too, or is that now irrelevant?
回答1:
I just fixed this myself, persistentCookiesOnPassiveRedirects needs to be enabled on the RP
In your web.config you need:
<microsoft.identityModel>
<federatedAuthentication>
<wsFederation
persistentCookiesOnPassiveRedirects="true" />
<cookieHandler
persistentSessionLifetime="60.0:0:0" />
</federatedAuthentication>
</microsoft.identityModel>
回答2:
The timeout for the FedAuth token may be managed in the web.config for the claims-aware application. An example with documentation may be found here. Keep in mind, though, that there is the STS-side of the coin and that the timeout may need to be increased there as well to prevent the user from having to sign-in again when moving from one application to another after an extended period.
回答3:
If the cookie is timing out you can also look at using sliding sessions in your WIF application.
This means that the cookie will continue to be re-established while the user is "using" the application.
http://www.cloudidentity.com/blog/2013/05/08/sliding-sessions-for-wif-4-5/
回答4:
The description about persistentSessionLifetime in MSDN is not true. For example, if you set it to 1.6:13:45.0, the cookie will expire after 30 hours (1 day + 6 hours) 13 minutes and 45 seconds +/- the maximumClockSkew from <identityConfiguration>. So the description from MSDN should be like the one from TimeSpan: [-]d.hh:mm:ss.ff. I hope Microsoft changes the wrong description.
来源:https://stackoverflow.com/questions/5452488/how-do-i-increase-session-timeout-with-w-i-f-saml-tokens-fedauth-cookie