Discussion:
SP session lifetime / time-out
David Bantz
2014-08-18 17:07:20 UTC
Permalink
A service owner requests sessions last 5 days, with one day time-out. Is merely setting
<Sessions lifetime=“432000" timeout=“86400” … > in shibboleth2.xml
sufficient, or is some other adjustment required to effect this request which
is a first for me? (The SSO session lifetime set by the IdP is 8 hours, 28800 sec.)

David Bantz
U Alaska
Cantor, Scott
2014-08-18 17:12:23 UTC
Permalink
Post by David Bantz
A service owner requests sessions last 5 days, with one day time-out. Is merely setting
<Sessions lifetime=³432000" timeout=³86400² Š > in shibboleth2.xml
sufficient, or is some other adjustment required to effect this request which
is a first for me? (The SSO session lifetime set by the IdP is 8 hours, 28800 sec.)
It's sufficient unless your IdP has maximumSPSessionLifetime set on the
profile configuration.

In practice, that's not going to work well unless the site is low-volume,
the sessions will accumulate in memory and probably kill it.

-- Scott
--
To unsubscribe from this list send an email to users-***@shibboleth.net
David Bantz
2014-08-18 18:09:36 UTC
Permalink
The potential audience (< / ~ number of sessions) is on the order of 1000.

That seems small enough to avoid memory problems of long-lived sessions, yes?

David
Post by Cantor, Scott
Post by David Bantz
A service owner requests sessions last 5 days, with one day time-out. Is merely setting
<Sessions lifetime=³432000" timeout=³86400² Š > in shibboleth2.xml
sufficient, or is some other adjustment required to effect this request which
is a first for me? (The SSO session lifetime set by the IdP is 8 hours, 28800 sec.)
It's sufficient unless your IdP has maximumSPSessionLifetime set on the
profile configuration.
In practice, that's not going to work well unless the site is low-volume,
the sessions will accumulate in memory and probably kill it.
-- Scott
--
Cantor, Scott
2014-08-18 18:17:09 UTC
Permalink
Post by David Bantz
The potential audience (< / ~ number of sessions) is on the order of 1000.
That seems small enough to avoid memory problems of long-lived sessions, yes?
Probably, but this is really something that should be handled by the
application.

-- Scott
--
To unsubscribe from this list send an email to users-unsubscribe-***@public.gmane.org
David Bantz
2014-08-18 18:30:08 UTC
Permalink
What is the “this” that should be handled by the application (as opposed to the Shibboleth SP)?
Should I be thinking of the request for long-lived session in a different way than SP config?

David
Post by Cantor, Scott
Post by David Bantz
The potential audience (< / ~ number of sessions) is on the order of 1000.
That seems small enough to avoid memory problems of long-lived sessions, yes?
Probably, but this is really something that should be handled by the
application.
-- Scott
--
Cantor, Scott
2014-08-18 18:34:15 UTC
Permalink
What is the ³this² that should be handled by the application (as opposed
to the Shibboleth SP)?
Should I be thinking of the request for long-lived session in a different way than SP config?
I don't think the SP is suited to multi-day sessions.

-- Scott
--
To unsubscribe from this list send an email to users-***@shibboleth.net
Loading...