Page created: 24 Jul 2019
|
Page updated: 8 Feb 2022
PingFederate validates both an inactivity timeout and an overall session timeout:
- Inactivity timeout
- The amount of time that a session can be inactive (no new browser requests are received) before a user is required to re-authenticate.
- Overall session timeout
- The total amount of time that a session can be active, regardless of activity, before the user is required to re-authenticate.
If either of the timeout limits has expired, the Apache Agent
cancels the existing session and redirects the browser to the
PingFederateLoginPageUrl
address in your
<apache_home>/conf/mod_pf.conf file.
This starts a service provider (SP)-initiated single sign-on (SSO) request at the identity
provider (IdP).
Note:
Session cancellation enforces session cleanup in the PingFederate server and obsolescence of session cookies.