PingFederate validates both an inactivity timeout and an overall session timeout:
- Inactivity timeout
- The amount of time that a session can be inactive (no new browser requests are received) before a user is required to re-authenticate.
- Overall session timeout
- The total amount of time that a session can be active, regardless of activity, before the user is required to re-authenticate.
If either of the timeout limits has expired, the Apache Agent
cancels the existing session and redirects the browser to the
PingFederateLoginPageUrl address in your
This starts a service provider (SP)-initiated single sign-on (SSO) request at the identity
Session cancellation enforces session cleanup in the PingFederate server and obsolescence of session cookies.