Customer wants to convert all their existing realms from non-persistent to persistent, but has concerns about preserving single sign-on during the migration as well as the migration effort.

Release : All

Migrating to persistent sessions (persistent realms) will not disturb single sign on; users can seamlessly navigate between persistent and non-persistent realms.  If a user starts with a non-persistent session, it will be converted to persistent as soon as the user requests a protected resource from a persistent realm.  Once a user session is marked persistent, it remains persistent for the rest of that session.

To update a large number of realms to make them persistent, it's best to create a custom program with the SDK.  The only out of the box option is to use the AdminUI to update each realm individually.

Persistent sessions should not be confused with persistent cookies.  Session persistence is a realm property and affects whether the user's session is stored centrally in the Session Store.  Non-persistent sessions are not stored centrally which tends to be more efficient when the security features provided by persistent sessions are not needed.  Non-persistent sessions live only in the session cookie.

Persistent cookies are entirely independent of session persistence.  Persistent cookies are written to disk on the client computer and expire 7 days after the configured maximum session timeout that is set during authentication.  Non-persistent cookies (transient cookies) are used by default and are destroyed when the browser session ends.