I'm testing the connect/checksession API as described here:
http://openid.net/specs/openid-connect-session-1_0.html
Even though my id_token and access_token have expired, the check_session iframe API always returns an unchanged event.
MessageEvent {isTrusted: true, data: "unchanged", origin: "https://localhost:44318", lastEventId: "", ...
IdentityServer4 : 1.5.1
Token lifetimes are unrelated.
This checks the authentication session - IOW, if the user has a valid cookie with idsrv.
So I need to configure IdentityServer4 to create a cookie when the user logs in using the OpenID Implicit Flow and set the lifetime of this cookie to a value smaller than the lifespan of the id_token.
The cookie always gets created - that's the "SSO session" with identityserver.
id_token lifetime is not important - id tokens are just the signed protocol response (only used to validate the authentication event and for a hint at logout time).
Any examples of how I can configure the SSO session with identityserver4?
Basic settings like lifetime and sliding vs absolute can be configured on the options in ConfigureServices.
If you need more control, provide your own cookie middleware and tell us the name of it (also on the options).
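
Added example, not part of the original thread and not IdentityServer4's code: a sketch of the comparison the OP's check_session iframe performs, modelled on the non-normative example in the OpenID Connect Session Management spec, showing why expired tokens still yield "unchanged" while a missing or replaced session cookie yields "changed". The function names, sample values and hex encoding of the hash are assumptions made for illustration.

```javascript
// Added illustration; modelled on the non-normative OP iframe logic in the
// OpenID Connect Session Management spec, not IdentityServer4's source.
const { createHash } = require('node:crypto');

// session_state as the OP would issue it at login: a hash over the client id,
// the RP origin, the OP's browser-state (session cookie) value and a salt.
// Hex output is an assumption; a real OP may encode the hash differently.
function computeSessionState(clientId, origin, opBrowserState, salt) {
  const hash = createHash('sha256')
    .update(`${clientId} ${origin} ${opBrowserState} ${salt}`)
    .digest('hex');
  return `${hash}.${salt}`;
}

// What the OP iframe does for each postMessage of "client_id session_state".
// opBrowserState is the current session cookie value, or null if it is gone.
// Token expiry is not an input anywhere in this check.
function checkSession(message, origin, opBrowserState) {
  const sep = message.lastIndexOf(' ');
  if (sep <= 0) return 'error';
  const clientId = message.slice(0, sep);
  const sessionState = message.slice(sep + 1);
  const dot = sessionState.lastIndexOf('.');
  if (dot <= 0 || dot === sessionState.length - 1) return 'error';
  const salt = sessionState.slice(dot + 1);
  if (opBrowserState === null) return 'changed';
  const expected = computeSessionState(clientId, origin, opBrowserState, salt);
  return expected === sessionState ? 'unchanged' : 'changed';
}

// Constructed sample values (hypothetical client, origin and cookie values).
const ORIGIN = 'https://rp.example';
const CLIENT = 'js_client';
const issued = computeSessionState(CLIENT, ORIGIN, 'cookie-value-1', 'salt123');
const msg = `${CLIENT} ${issued}`;

function demo() {
  return {
    tokensExpiredCookieValid: checkSession(msg, ORIGIN, 'cookie-value-1'),
    cookieExpired: checkSession(msg, ORIGIN, null),
    newLogin: checkSession(msg, ORIGIN, 'cookie-value-2'),
    malformed: checkSession('no-session-state', ORIGIN, 'cookie-value-1'),
  };
}
console.log(demo());
```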