Documentation Center

Changing expiration behavior for authentication cookies

The authentication cookies used by the Review Space, Draft Space and Organize Space have a default expiration time of one hour and use a sliding expiration. These properties are configurable in each web application's appsettings.json file.

Procedure

  1. Go to the configuration location of the web application.
    For the Review Space, Draft Space and Organize Space web applications, a number of properties are defined in their appsettings.json files, which you can find at following locations on the Content Manager server:
    • Web<projectsuffix>\InfoShareCS\DraftSpace\
    • Web<projectsuffix>\InfoShareCS\OrganizeSpace\
    • Web<projectsuffix>\InfoShareCS\ReviewSpace\
  2. Open appsettings.json for editing.
  3. Locate the Security > AccessManagement section.
  4. If not already present, add a CookieAuth subsection with one or both of the following properties:
    SlidingExpiration
    • true (default) – The authentication cookie will be reissued with a new expiration time any time there is a request that is more than halfway through the expiration window.
    • false – Change the value to "false" to allow the cookie to expire according to the set expiration time without regard for in-progress requests.
    ExpireTimeSpan
    Sets the duration for which the authentication cookie will remain valid after it is first created.
    Format: hh:mm:ss
    Default value: 01:00:00 (one hour)
  5. Save and close the file.

Example

In the following example, the option for a sliding expiration is turned off and the expiration time is reduced to 30 minutes:
{
  "Security": {
    "AccessManagement": {
      "AccessManagementUrl": "https://example.com/ISHAM",
      "ClientId": "Tridion_Docs_Organize_Space",
      "CookieAuth": {
        "SlidingExpiration": false,
        "ExpireTimeSpan": "00:30:00"
      }
    }
  }
}