	cosign-discuss at umich.edu
	general discussion of cosign development and deployment

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Qualifications for end of Session

To: "Whyte, Michael" <mjw20@xxxxxxx>
Subject: Re: Qualifications for end of Session
From: jarod@xxxxxxxxx
Date: Thu, 18 Aug 2005 14:15:56 -0400
Cc: cosign-discuss@xxxxxxxxx
In-reply-to: <C1F34134634A8442AA7E93A1C300C97101EACCED@avalanche.vprsrch.psu.edu>
References: <C1F34134634A8442AA7E93A1C300C97101EACCED@avalanche.vprsrch.psu.edu>
User-agent: Internet Messaging Program (IMP) H3 (4.0.3)

An end of session is usually caused by the web browser being closed.

<CookieDBExpireTime> does not set the expire time for the cookie in the user's
browser.  It tells IISCosign how long the locally cached copies of the service
cookies -- the files located in [c:\path\to]\iiscosign\cookiedb -- are good on
your cosign-protected web server before it asks the central login server if a
service cookie is still good.

As far as the 'central login session' cookie, this value is set on the login server. I believe the default is around 8 hours, but take that with a grain of salt as it is customizable for each login server. Note that even if your service cookie 'expires' every couple of minutes (the default value) if the user is still logged in, a new service cookie is issued.

--Jarod Malestein
--University of Michigan
--Information Technology Central Services

Quoting "Whyte, Michael" <mjw20@xxxxxxx>:

Hello,

The cookie in my browser says it expires at end of session. What
initiates an end of session?  The cookie DB setting in the
cosign.dll.config is set to about 10 hours.

Just want to know what signifies so that we can create user warnings and
or auto state saving of information on a web form, when page is idle.

Just to save time and email exchanges, below is a copy of the config.

<Cosign>
	<CAFilePath>c:\Program Files\IISCosign\SSL</CAFilePath>
	<ChainFilePath>c:\Program
Files\IISCosign\SSL\simscert.pem</ChainFilePath>
	<PrivateKeyFilePath>c:\Program
Files\IISCosign\SSL\simsserver.key</PrivateKeyFilePath>
	<LogFilePath fileSizeInKB="4096" >C:\Program
Files\IISCosign\Logs</LogFilePath>
	<CookieDBPath>C:\Program Files\IISCosign\CookieDB</CookieDBPath>
	<CosignServer port="6663">webaccess.psu.edu</CosignServer>
	<RedirectURL>https://webaccess.psu.edu/?</RedirectURL>
	<ConnectionPool size="4" /><!--4-->
	<CookieDBExpireTime seconds="36000" />
	<WriteDataToEventViewer>FALSE</WriteDataToEventViewer>
	<CheckIPAddress>FALSE</CheckIPAddress>
	<Service IISDescription="sims
development">cosign-dev.sims.psu.edu
		<Protected>/</Protected>
	</Service>
	<Service IISDescription="prams
developement">cosign-dev.prams.psu.edu
		<Protected>/</Protected>
	</Service>
	<Service IISDescription="SIMSBudgets">cosign-devbud.sims.psu.edu

		<Protected>/</Protected>
	</Service>
</Cosign>

Thanks

Michael Whyte
Penn State University
Office of Research Information Systems

References:
- Qualifications for end of Session
  - From: Whyte, Michael

Prev by Date: Qualifications for end of Session
Next by Date: Restore Your Account Access
Previous by thread: Qualifications for end of Session
Next by thread: PayPal Inc: confirm your details to avoid service cancellation [Wed, 17 Aug 2005 08:28:05 -0200]
Index(es):
- Date
- Thread