Seeing an issue where the CookieTimeout doesn't appear to be working. Users getting logged out before that time cycles.
Able to log in again but something odd is going on.
Why are users being logged out before the SsoCookieTimeoutMinutes setting is reached?
Why are users being logged out before the Single Sign-On (SSO) Cookie Timeout Minutes setting is reached?
Why are users logged out after 30 minutes?
There are only three things that should trigger a User to be logged out.
All supported DX NetOps Performance Management Performance Center Portal releases r20.2.1 and newer
A code defect causes the SsoCookieTimeoutMinutes value, when configured with a value >30 minutes, to be ignored.
This is being addressed via defect DE496629
This issue was reported to engineering as DE496629 which is resolved via code change in the r21.2.6 release. Upgrade to release r21.2.6 or newer to resolve this issue.
To resolve this until a fix is available in a new release, follow these steps. It allows longer timeouts to work properly by setting the Jetty session to match the cookie timeout. Without this change the jetty session ignores the SsoCookieTimeoutMinutes value if set to >30 minutes.
<session-config> <cookie-config> <name>JSESSIONID</name> <http-only>true</http-only> </cookie-config> </session-config>
<session-config> <cookie-config> <name>JSESSIONID</name> <http-only>true</http-only> </cookie-config> <session-timeout>SSOCONFIG_VALUE</session-timeout> </session-config>
After this change the User should not be logged out automatically until the SsoCookieTimeoutMinutes value is reached.