--Sig_/BUyW3uY.sqBwHre4Irh5X3B Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable On Wed, 4 Jan 2017 14:40:06 -0500 Ravi wrote: RN> With SSO the client sends the client secret to SSO which is stored in t= he RN> session. Now when the clients session expires all the information inclu= ding RN> the client secret is lost when the session is purged by the application RN> server. Is the session expiration time configurable? RN> 1. login to webadmin RN> 2. Leave the session until session time out on engine and user is RN> redirected to login page (the client id and secret are sent) RN> 3. If user tries to login now everything will be fine but if user leaves RN> and the session expires the session is purged, client secret is lost RN> 4. User enters user name password on the screen after coming back. The RN> login form does not have a session associated with it so the client and RN> secret are not found and SSO needs to report that the session has expir= ed RN> and redirect user to welcome page. So in step 4, can't it just start a new session instead of going to an expiration page? Or show the page for a few seconds and then start a new session?=20 Or in step 2, set a refresh on the login page that still has a session so that when the session expires it will redirect to a login screen that will start a new session? Robert --=20 Senior Software Engineer @ Parsons --Sig_/BUyW3uY.sqBwHre4Irh5X3B Content-Type: application/pgp-signature Content-Description: OpenPGP digital signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iEYEARECAAYFAlhtWcYACgkQ7/fVLLY1mngpWACfchr6NCwQUTV94Ksb74d5VZ9G 4D0AnAsBMFAr9b18oLCqRKN+f3umu+zB =ldyn -----END PGP SIGNATURE----- --Sig_/BUyW3uY.sqBwHre4Irh5X3B--