2

I have a running production WSO2 Identity Server (version wso2is-5.6.0) and a new clean testing instance (version 5.9.0), and I am using identity providers with two-factor authentication (basic and TOTP).

When both of them are active, the "Remember Me" function doesn't work anymore. When I disable the TOTP authentication, the "Remember Me" function works and the session stays active when the browser is closed.

Does anybody know if that's a configuration issue, an error, or if it just doesn't work like that?

Configuration in the deployment.toml:

[session_data.persistence]
enable_persistence = true
persist_temporary_data = true
persistence_pool_size = "0"

[session_data.cleanup]
enable_expired_data_cleanup = true
expire_session_data_after = "14d"
clean_expired_session_data_every = "1d"
clean_expired_session_data_in_chunks_of = "8192"
clean_logged_out_sessions_at_immediate_cycle = "true"

enable_pre_session_data_cleanup = true
pre_session_data_cleanup_thread_pool_size= "20"
expire_pre_session_data_after= "40m"
FabianOX
  • When the user chooses the "remember me" option, the commonAuthId cookie expiry is set to some value. Can you please check the expiry time of the commonAuthId cookie? – Piraveena Paralogarajah Jan 27 '20 at 13:29
  • When I log in with only one authentication step (basic auth), the lifetime is set to 20160 minutes. When I add a second authentication step (TOTP), the lifetime is set to "end of browser session". – FabianOX Jan 27 '20 at 15:38

1 Answer

0

This is a bug in the product. Thank you for reporting this. I have created a git issue to track and fix this. We will fix this in the next weekly release.

senthalan
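
The cookie check from the comments on the question can be scripted so it is repeatable after an upgrade. This is an added example, not code from the post or from WSO2: the `Set-Cookie` lines and the cookie value are constructed samples, and whether the server sends `Max-Age` or `Expires` is an assumption, so both are handled.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

COOKIE_NAME = "commonAuthId"

def cookie_lifetime_minutes(set_cookie, now):
    """Lifetime in minutes of one Set-Cookie value; None means a session cookie."""
    attrs = {}
    for part in set_cookie.split(";")[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    # Max-Age takes precedence over Expires (RFC 6265, section 5.3).
    if "max-age" in attrs:
        return int(attrs["max-age"]) / 60
    if "expires" in attrs:
        return (parsedate_to_datetime(attrs["expires"]) - now).total_seconds() / 60
    # Neither attribute: the browser drops the cookie when it closes.
    return None

def audit(flows, now):
    """Map each login flow to the commonAuthId lifetime ('absent' if never set)."""
    result = {}
    for label, headers in flows.items():
        result[label] = "absent"
        for header in headers:
            if header.split("=", 1)[0].strip() == COOKIE_NAME:
                result[label] = cookie_lifetime_minutes(header, now)
    return result

# Constructed sample headers, one list per login flow with "Remember Me" ticked.
NOW = datetime(2020, 1, 27, 15, 38, tzinfo=timezone.utc)
SAMPLE = {
    "basic only": [
        "commonAuthId=constructed-value; Path=/; Max-Age=1209600; Secure; HttpOnly",
    ],
    "basic + totp": [
        "commonAuthId=constructed-value; Path=/; Secure; HttpOnly",
    ],
    "basic only (Expires form)": [
        "commonAuthId=constructed-value; Path=/; "
        "Expires=Mon, 10 Feb 2020 15:38:00 GMT; Secure; HttpOnly",
    ],
}

if __name__ == "__main__":
    for flow, minutes in audit(SAMPLE, NOW).items():
        kind = "session cookie" if minutes is None else f"{minutes} minutes"
        print(f"{flow}: {kind}")
```
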