I think the default timeout is something like every half hour.
I'd like to change this to 2 weeks. Anyone got any ideas?
Is this done usually from the STS side or the client side? Is forms authentication getting in the way too, or is that now irrelevant?
I just fixed this myself, persistentCookiesOnPassiveRedirects needs to be enabled on the RP
In your web.config you need:
<microsoft.identityModel>
<federatedAuthentication>
<wsFederation
persistentCookiesOnPassiveRedirects="true" />
<cookieHandler
persistentSessionLifetime="60.0:0:0" />
</federatedAuthentication>
</microsoft.identityModel>
The timeout for the FedAuth token may be managed in the web.config for the claims-aware application. An example with documentation may be found here. Keep in mind, though, that there is the STS-side of the coin and that the timeout may need to be increased there as well to prevent the user from having to sign-in again when moving from one application to another after an extended period.
If the cookie is timing out you can also look at using sliding sessions in your WIF application.
This means that the cookie will continue to be re-established while the user is "using" the application.
http://www.cloudidentity.com/blog/2013/05/08/sliding-sessions-for-wif-4-5/
The description about persistentSessionLifetime in MSDN is not true. For example, if you set it to 1.6:13:45.0, the cookie will expire after 30 hours (1 day + 6 hours) 13 minutes and 45 seconds +/- the maximumClockSkew from <identityConfiguration>. So the description from MSDN should be like the one from TimeSpan: [-]d.hh:mm:ss.ff. I hope Microsoft changes the wrong description.
来源:https://stackoverflow.com/questions/5452488/how-do-i-increase-session-timeout-with-w-i-f-saml-tokens-fedauth-cookie