This repository has been archived by the owner on Jun 17, 2024. It is now read-only.
Support configurable cookie expiration #81
Assignees
Labels
Milestone
Comments
jonlester
added
enhancement
|
Implementation should allow the cookie expiry timespan to be set, and if set slidingexpiration will be disabled as well. This will result in the user being redirected back to the IdP on the first request after the cookie expires. It should be transparent to the user since they are already logged into AAD. This could cause some problems for a SPA application that's using cookies, if the redirect can't be handled by the client. We'll need to note this. |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
The current implementation adds a cookie without an expires value, which means it will be valid until the end of the session (e.g. when the user closes their browser).
In our case, we'd like to be able to control when the user must re-authenticate, similar to https://stackoverflow.com/q/50728337/161022
The text was updated successfully, but these errors were encountered: