Fazla, This is what I have in my config ## default is P14D ## used to set maxAge on user selection of remember me at login ## it is always set regardless of user choice; this is a bug to investigate ## file: https://github.com/apereo/cas/blob/5.1.x/support/cas-server-support-cookie/src/main/java/org/apereo/cas/web/support/CookieRetrievingCookieGenerator.java cas.tgc.rememberMeMaxAge=-1
I am not sure how it affects users but we limit max log in to 8h. Ray On Thu, 2020-06-04 at 23:29 +0800, Appify wrote: Hi John, Thanks for your reply. I saw your configuration and I will try this in our staging environment. I was wondering about cas.tgc.rememberMeMaxAge properties, what does that do? Also if this config works for you please let me know. Thanks. Regards On Thu, Jun 4, 2020 at 5:31 PM John Bond <jb...@wikimedia.org<mailto:jb...@wikimedia.org>> wrote: Hi Fazla, We use are now using the following settings cas.ticket.tgt.rememberMe.enabled=true cas.ticket.tgt.rememberMe.timeToKillInSeconds=604800 cas.ticket.tgt.timeToKillInSeconds=3600 cas.ticket.tgt.maxTimeToLiveInSeconds=604800 We are still testing but the intention is that someone who sets RemeberMe will get a long term cookie and not need to re-authenticate for one week. however if you don't set remember me i.e. in public place or shared cookie, then your session will be killed after an hour of inactivity. this allows us to clean up dead sessions quickly in-case users forget to log out. We have not changed any of the values at the `cas.tgc` level, other then the encryption and signing keys, as such we will be using what ever the defaults are,. Thanks John On Thursday, June 4, 2020 at 10:32:30 AM UTC+2, casuser wrote: Hello John and Ray, We are also using memcached as a ticket registry and facing the same issue as the remember me functionality not working properly as expected. Below is our configuration. Are you doing anything wrong. cas.ticket.tgt.rememberMe.enabled=true cas.ticket.tgt.rememberMe.timeToKillInSeconds=2592000 cas.ticket.tgt.maxTimeToLiveInSeconds=2592000 cas.ticket.tgt.timeToKillInSeconds=2592000 # cas.tgc.path=/ # cas.tgc.maxAge=-1 If one modified this to an positive number, # you will get the behavior of CAS session after browser close and re-open. cas.tgc.maxAge=-1 cas.tgc.name=TGC cas.tgc.secure=true # cas.tgc.httpOnly=true cas.tgc.rememberMeMaxAge=2592000 cas.tgc.pinToSession=true Thanks in advance. On Wed, Jun 3, 2020 at 6:48 PM John Bond <jb...@wikimedia.org> wrote: Ray On Tue, Jun 2, 2020 at 6:04 PM Ray Bon <rb...@uvic.ca> wrote: John, I think timeout.maxTimeToLiveInSeconds provides a sliding window with no defined stop time. Ahh thanks, This now makes sense why org.apereo.cas.ticket.expiration.TimeoutExpirationPolicy returns Long.MAX_VALUE for its TTL I set our remember me to the same as maxTimeToLiveInSeconds, so do not know if it provides a sliding window. Ack thanks very much appreciate the assistance John -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAA7%2BHnD3bmq%2BQe%2BRKCPs63FV4%2BVw-iyWk%2Btdxs502En8saRpQQ%40mail.gmail.com<https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAA7%2BHnD3bmq%2BQe%2BRKCPs63FV4%2BVw-iyWk%2Btdxs502En8saRpQQ%40mail.gmail.com?utm_medium=email&utm_source=footer>. -- -Fazla. -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org<mailto:cas-user+unsubscr...@apereo.org>. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/7ab8147d-0661-41d2-9a52-a7e6a1ac7aac%40apereo.org<https://groups.google.com/a/apereo.org/d/msgid/cas-user/7ab8147d-0661-41d2-9a52-a7e6a1ac7aac%40apereo.org?utm_medium=email&utm_source=footer>. -- Ray Bon Programmer Analyst Development Services, University Systems 2507218831 | CLE 019 | r...@uvic.ca<mailto:r...@uvic.ca> I respectfully acknowledge that my place of work is located within the ancestral, traditional and unceded territory of the Songhees, Esquimalt and WSÁNEĆ Nations. -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/65feb6ee752f20935dd4197388452ecf2f444e57.camel%40uvic.ca.
