Configuring persistent session token cookies in WIF with Thinktecture IdentityModel
February 17, 2013
WIF can be configured to issue persistent session cookies. This configuration can be performed in web.config:
    <system.identityModel.services>
      <federationConfiguration>
        <wsFederation requireHttps="true"
                      passiveRedirectEnabled="true"
                      realm="http://localhost/rp"
                      issuer="https://localhost/sts/issue/wsfed"
                      persistentCookiesOnPassiveRedirects="true" />
      </federationConfiguration>
    </system.identityModel.services>
The persistentCookiesOnPassiveRedirects attribute on the <wsFederation> element configures the session cookie issued by the SAM (SessionAuthenticationModule) to be persistent for the lifetime of the token, so it is common to set both the persistent flag and the token lifetime. A ConfigurePersistentSessions API was added to Thinktecture IdentityModel to perform this configuration from code. It is a one-time configuration performed in Application_Start in global.asax:
    protected void Application_Start()
    {
        PassiveSessionConfiguration.ConfigurePersistentSessions(TimeSpan.FromDays(30));
    }
This sets the persistent flag as well as the session token duration on the session security token.
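For comparison, the same two settings (persistent flag and token duration) can be applied with the WIF APIs directly. This is an added example, not code from the original post and not Thinktecture IdentityModel's implementation; the class name, the PersistentLifetime field and the module registration name "WSFederationAuthenticationModule" are assumptions.

```csharp
// Global.asax.cs -- added example, not Thinktecture IdentityModel's source.
using System;
using System.IdentityModel.Services;
using System.IdentityModel.Tokens;
using System.Web;

public class Global : HttpApplication
{
    // Assumed value for illustration. The cookie stays usable on the client
    // until this window ends, so choose the shortest lifetime the app can accept.
    private static readonly TimeSpan PersistentLifetime = TimeSpan.FromDays(30);

    // ASP.NET wires module events to global.asax methods named ModuleName_EventName.
    // Assumption: the module is registered in web.config under the name
    // "WSFederationAuthenticationModule".
    void WSFederationAuthenticationModule_SessionSecurityTokenCreated(
        object sender, SessionSecurityTokenCreatedEventArgs e)
    {
        SessionSecurityToken issued = e.SessionToken;
        DateTime now = DateTime.UtcNow;

        // Re-create the session token with an explicit validity window
        // instead of the lifetime carried over from the STS-issued token.
        var persistent = new SessionSecurityToken(
            issued.ClaimsPrincipal,
            issued.Context,
            now,
            now.Add(PersistentLifetime))
        {
            // Persistent: the SAM writes the cookie with an expiry equal to
            // ValidTo rather than as a browser-session cookie.
            IsPersistent = true
        };

        // Replace the token the SAM is about to serialize into the cookie.
        e.SessionToken = persistent;
        e.WriteSessionCookie = true;
    }
}
```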
2 Comments
Hi, could you explain what would be the effect of issuing persistent session cookies?
It would simply mean that the cookie is stored on the user’s machine and that they won’t need to re-authenticate via the STS while that cookie is still valid. The use case here is that normally an STS issues a cookie for 10 hours. With this (and the override WSFed token lifetime feature) you could keep the user logged into your app for a day or a week instead.