Topics

All topics

Configure authentication expiration

There are several cookies and tokens used by Sitefinity, each of them having different expiration time. Use the following procedures to configure it:

Relying party cookie

This is the cookie used for the authenticated user on the Relying party (.AspNet.Cookies).
To configure it, perform the following:

  1. Navigate to Administration » Settings » Advanced.
  2. In the left pane, expand Authentication and click RelyingParty.
  3. If you want to enable or disable sliding expiration, use the Authentication cookie sliding expiration checkbox.
    By default this setting is enabled.
  4. You can also change the default expiration time in Authentication cookie expiration time input field.
  5. Save your changes.

IdentityServer cookie

This is the cookie used for the authenticated user on the Secured Token Service (idsrv).
To configure it, perform the following:

  1. Navigate to Administration » Settings » Advanced.
  2. In the left pane, expand Authentication and click SecurityTokenService » IdentityServer.
  3. Change the default expiration time from the Cookie remember me duration input field.
  4. Save your changes.

Security Token Service tokens

IdentityServer3 provides four types of tokens: Identity token, Access token, Refresh token, Authorization code. Their expiration times are configured per client application. To configure them, perform the following:

  1. Navigate to Administration » Settings » Advanced.
  2. In the left pane, expand Authentication » SecurityTokenService » IdentityServer » Clients.
  3. Choose the client you want to configure.
  4. Configure the tokens:
    • Identity token lifetime.
      Default is 300 seconds (5 minutes)
    • Access token lifetime.
      Default is 3600 seconds (1 hour)
    • Refresh token
    • Refresh token expiration - choose from Sliding or Absolute
    • Sliding refresh token expiration.
      Default is 1296000 seconds (15 days)
    • Absolute refresh token expiration.
      Default is 2592000 seconds (30 days)
    • Authorization code lifetime.
      Default is 300 seconds (5 minutes)
  5. Save your changes.

Increase your Sitefinity skills by signing up for our free trainings. Get Sitefinity-certified at Progress Education Community to boost your credentials.

Get started with Integration Hub | Sitefinity Cloud | Sitefinity SaaS

This free lesson teaches administrators, marketers, and other business professionals how to use the Integration hub service to create automated workflows between Sitefinity and other business systems.

Web Security for Sitefinity Administrators

This free lesson teaches administrators the basics about protecting yor Sitefinity instance and its sites from external threats. Configure HTTPS, SSL, allow lists for trusted sites, and cookie security, among others.

Foundations of Sitefinity ASP.NET Core Development

The free on-demand video course teaches developers how to use Sitefinity .NET Core and leverage its decoupled architecture and new way of coding against the platform.

Was this article helpful?

Next article

Turn on authentication logging