-
Notifications
You must be signed in to change notification settings - Fork 327
Session Management Settings
Hans Zandbelt edited this page Dec 21, 2022
·
1 revision
These settings are only relevant in an OpenID Connect Relying Party setup.
# Interval in seconds after which the session will be invalidated when no interaction has occurred.
# When not defined, the default is 300 seconds.
OIDCSessionInactivityTimeout <seconds>
# Maximum duration of the application session
# When not defined the default is 8 hours (3600 * 8 seconds).
# When set to 0, the session duration will be set equal to the expiry time of the ID token.
# NB: this can be overridden on a per-OP basis in the .conf file using the key: session_max_duration
OIDCSessionMaxDuration <seconds>
# OpenID Connect session storage type.
# "server-cache" server-side caching storage.
# "client-cookie" uses browser-side sessions stored in a cookie; see also OIDCSessionCookieChunkSize next
# A suffix ":persistent" can be added if you want to use a persistent cookie that survives browser restarts
# instead of a session cookie that is tied to the lifetime of the browser session.
# The "expires" value of the persistent cookie is controlled by the OIDCSessionInactivityTimeout setting.
# A suffix ":store_id_token" can be added to "client-cookie" if you want the id_token to be stored
# in the session to be used as id_token_hint in a logout request to the OP later.
# When not defined the default "server-cache" is used.
OIDCSessionType server-cache[:persistent] | client-cookie[:persistent | :store_id_token | :persistent:store_id_token ]
# Fallback to "OIDCSessionType client-cookie" when "OIDCSessionType server-cache" is set and the primary
# cache mechanism (e.g. memcache or redis) fails. Note that this will come at a cost of:
# a) performance
# 1) since on each subsequent request the primary cache will still be polled and
# failback will happen as soon as the primary cache is available again
# 2) information other than sessions cannot be cached, e.g. resolved access tokens or metadata; see: OIDCCacheType
# b) security, since nonce's and jti's are not cached, see: OIDCCacheType
# c) (prototype) functionality, since request_uri's won't work anymore
# When not defined the default is "Off".
OIDCSessionCacheFallbackToCookie [On|Off]
You can find all configuration parameters here: https://github.com/zmartzone/mod_auth_openidc/blob/master/auth_openidc.conf