--- title: Set Session Properties node description: The Set Session Properties node lets you change details in the resulting authenticated session. You can do one or both of the following: component: auth-node-ref version: latest page_id: auth-node-ref::set-session-properties canonical_url: https://docs.pingidentity.com/auth-node-ref/latest/set-session-properties.html keywords: ["Nodes & Trees", "Journeys", "Authentication"] page_aliases: ["auth-node-set-session-properties.adoc"] superseded_by: https://docs.pingidentity.com/auth-node-ref/latest/set-session-properties.html section_ids: examples: Examples example_1_update_the_successurl_session_property: "Example 1: Update the successURL session property" example_2_update_the_authenticated_session_timeouts: "Example 2: Update the authenticated session timeouts" availability: Availability inputs: Inputs dependencies: Dependencies configuration: Configuration outputs: Outputs outcomes: Outcomes errors: Errors --- # Set Session Properties node The Set Session Properties node lets you change details in the resulting authenticated session. You can do one or both of the following: * Set session properties Use this node to add `key:value` properties to the user's authenticated session on successful authentication. | | | | - | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | You can access session properties using a variable in a webhook.Learn more in [Configure webhooks](https://docs.pingidentity.com/pingoneaic/am-authentication/auth-tree-webhooks.html). | * Update the authenticated session timeouts Use this node to update the authenticated session timeout settings. For example, you could have different session settings for different branches within the journey based on factors such as which region the user was authenticating from or the authentication methods being used. Consider the following when updating authenticated session timeout settings: * If a journey has multiple nodes that set session timeouts, Advanced Identity Cloud uses the settings associated with the last processed node to determine the timeouts for the resulting authenticated session. * If an inner journey includes nodes that set session timeouts, Advanced Identity Cloud uses the updated timeouts in the parent journey. ## Examples ### Example 1: Update the `successURL` session property This example uses the Set Session Properties node to update the `successURL` session property. A first platform journey updates the session property on successful authentication: ![Setting a session property](_images/set-session-properties-journey.png) * The [Page node](page.html) containing the [Platform Username node](platform-username.html) and [Platform Password node](platform-password.html) prompts for credentials. * The [Data Store Decision node](data-store-decision.html) validates the username-password credentials. * The [Increment Login Count node](increment-login-count.html) updates the number of successful authentications in the user profile. * The Set Session Properties node sets the `successURL` session property. Configure the Properties to add a `successURL` property with the URL of your choice. When the journey completes successfully, Advanced Identity Cloud updates the `successURL` in the user's session data. A second journey uses a script to display the session properties after the user authenticates: ![Showing session properties in the shared state data](_images/debug-session-properties-journey.png) The [Scripted Decision node](scripted-decision.html) calls the following script to inject the session properties into the shared state data so the journey can display them though a debug popup: ```javascript if (typeof existingSession !== 'undefined') { nodeState.putShared('session', existingSession) action.goTo('hasSession') } else { nodeState.putShared('session', null) action.goTo('noSession') } ``` The second journey has Debug mode and Enable Debug Popup selected. Follow these steps to try the example: 1. Create both journeys using the journey editor. 2. Sign in through the first journey with a test user account. The browser shows the user profile page. 3. In the same browser window, browse to the URL for the second journey. The debug popup window displays the shared state data including session properties: ```json { "transactionId": "...", "session": { "successURL": "", "...": "..." }, "realm": "/alpha", "authLevel": 0, "username": "test" } ``` The `successURL` property is set to \, the one you configured as the value in Properties of the Set Session Properties node. 4. Sign out as the test user. 5. Sign in through the *default* journey as the test user. The default journey doesn't use the Set Session Properties node with your configuration, so it uses the default value for the `successURL` session property. 6. In the same browser window, browse to the URL for the second journey again. The debug popup window displays the shared state data, including session properties with the default `successURL` value. ### Example 2: Update the authenticated session timeouts This example uses the Set Session Properties node to set different session timeouts depending on the authentication method used. If the user chooses to authenticate with a username and password, the resulting authenticated session will have a shorter lifetime than if they use a social provider to authenticate. For both authentication methods, the idle timeout will be lower than the default. | | | | - | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | Instead of setting the same maximum session idle timeout in each node, you could set it at the journey level and leave the node setting blank. They have been set in the nodes in this example for demonstration purposes. | ![Applying different session timeouts depending on the authentication method used](_images/update-session-timeouts.png) a The [Page node](page.html) containing the [Select Identity Provider node](select-identity-provider.html) prompts the user to select a social identity provider or to authenticate with a username and password. b If the user selects local authentication, the [Data Store Decision node](data-store-decision.html) takes care of the authentication. c The Set Session Properties node for local authentication updates the session timeout values with the following settings: * Maximum Session Time: 60 * Maximum Idle Time: 20 d If the user selects social authentication, the [Social Provider Handler node](social-provider-handler.html) does the following: * Routes the user to the selected social provider to authenticate there * Retrieves the user's profile information and transforms it into a format that Advanced Identity Cloud can use * Assesses whether the user has an existing identity in Advanced Identity Cloud * If the user has an existing identity, authenticates that identity * If the user doesn't have an identity, routes the user to another page node * If the user interrupts the social authentication, routes the user back to the [Select Identity Provider node](select-identity-provider.html) e The Set Session Properties node for social authentication updates the session timeout values with the following settings: * Maximum Session Time: 180 * Maximum Idle Time: 20 f The nodes on the page node request the information required to *register* a new identity. g The [Create Object node](create-object.html) creates the new identity in Advanced Identity Cloud. h The Set Session Properties node for social authentication updates the session timeout values with the following settings: * Maximum Session Time: 180 * Maximum Idle Time: 20 ## Availability | Product | Available? | | ------------------------------------- | ---------- | | PingOne Advanced Identity Cloud | Yes | | PingAM (self-managed) | Yes | | Ping Identity Platform (self-managed) | Yes | ## Inputs This node reads the authenticated session timeout settings from the user, journey or the Session service. Find more information in [Configure authenticated session timeout settings](https://docs.pingidentity.com/pingoneaic/am-sessions/session-state-session-termination.html#auth-session-termination-config). ## Dependencies Make sure the user can successfully authenticate and get a session. This node is ignored if it's added to a no session journey or the `noSession` query parameter is used during authentication. ## Configuration | Property | Usage | | -------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | Properties | The session properties to set.- To add a session property: 1. Click [icon: plus, set=fa], then [icon: plus, set=fa]Add in the Properties modal. 2. Enter the session property name in the Key field and the value to set in the Value field. 3. Click Done. - To edit a property: 1. Click the Pencil icon ([icon: pencil-alt, set=fa]). 2. Update the Key and Value as when adding properties. - To remove a property, click the Delete icon ([icon: trash, set=fa]).When finished, click Save to keep your settings. | | Maximum Session Time | The maximum authenticated session time in minutes.If set, this overrides the maximum authenticated session time set in the journey or the Session service.Find more information in [Configure authenticated session timeout settings](https://docs.pingidentity.com/pingoneaic/am-sessions/session-state-session-termination.html#auth-session-termination-config). If a user has session timeouts set, the user-specific settings are always used. | | Maximum Idle Time | The maximum idle time for the authenticated session in minutes.If set, this overrides the maximum idle time set in the journey or the Session service.Find more information in [Configure authenticated session timeout settings](https://docs.pingidentity.com/pingoneaic/am-sessions/session-state-session-termination.html#auth-session-termination-config). If a user has session timeouts set, the user-specific settings are always used. | ## Outputs This node doesn't change the shared state. It sets *session* properties. This node can't override system session properties, such as the principal or the authentication level. Use a different journey to re-authenticate the user rather than trying to change such properties with this node. Additionally, this node updates the authenticated session timeouts if new values are provided. ## Outcomes Single outcome path. ## Errors This node doesn't log any error or warning messages of its own.