
From my understanding, with such a configuration in Azure AD B2C, users should not be logged out if there's no 24h break between their actions. But they are. And from what I understand, this is how "Absolute" should work: the session is alive for max 24h.

What is wrong with my configuration? Or am I misunderstanding it?


Piotr Perak

1 Answer

Please check if the references below can help. Please try to set the access token lifetime to 1 hr and the refresh token lifetime to 24 hr, which is the absolute length and is fixed at 24 hrs for single-page apps (SPAs). Reduce the refresh token time below the web session rolling lifetime to have more chance of the web session being extended. If the web session rolling lifetime is 24 hr, it only extends when the refresh token expires.

In the custom policy, in the user journey, set the session expiry to rolling (Reference):

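<UserJourneyBehaviors>
  <SingleSignOn Scope="Tenant" />
  <!-- Rolling: the session is extended on each cookie-based authentication -->
  <SessionExpiryType>Rolling</SessionExpiryType>
  <!-- 86400 seconds = 24 hours -->
  <SessionExpiryInSeconds>86400</SessionExpiryInSeconds>
</UserJourneyBehaviors>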

References:

  1. B2C How to have a Rolling Session with a maximum session limit - Stack Overflow
  2. b2c-user-gets-signed-out-though-he-is-active-after-the-token-lifetime
  3. session behaviour - Stack Overflow
kavyaS
  • I guess that would make sense but, on my test env I have web session timeout=15 minutes absolute and access token valid for 60 minutes and refresh token lifetime 14 days. Why then doesn't it log me out after 15 minutes? If refresh token lifetime is 14 days it should not extend session. – Piotr Perak Mar 22 '22 at 08:58
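
The difference between the two `SessionExpiryType` values discussed in this thread, as an added example that is not part of the original question, answer or comment: a simplified Python model of the B2C web session cookie only (access and refresh token lifetimes are not modelled). The class and function names, the constructed visit timeline and the choice to treat the exact expiry instant as expired are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional

HOUR = 3600


@dataclass
class WebSession:
    """Simplified model of the B2C web session cookie (hypothetical class)."""
    expiry_type: str                  # "Rolling" or "Absolute" (SessionExpiryType)
    lifetime_s: int                   # SessionExpiryInSeconds
    expires_at: Optional[int] = None  # None until the first interactive sign-in

    def authenticate(self, now: int) -> str:
        """Return "sso" if the cookie is still valid at `now`, else "prompt"."""
        if self.expires_at is None or now >= self.expires_at:
            # No session yet, or it has expired: the user signs in
            # interactively and a fresh session starts from this moment.
            self.expires_at = now + self.lifetime_s
            return "prompt"
        if self.expiry_type == "Rolling":
            # Rolling: each cookie-based authentication extends the session.
            self.expires_at = now + self.lifetime_s
        # Absolute: the expiry stays fixed relative to the interactive sign-in.
        return "sso"


def replay(expiry_type: str, lifetime_s: int, visits: List[int]) -> List[str]:
    """Replay authentication attempts (seconds since start) against one session."""
    if expiry_type not in ("Rolling", "Absolute"):
        raise ValueError(f"unknown SessionExpiryType: {expiry_type!r}")
    session = WebSession(expiry_type, lifetime_s)
    return [session.authenticate(t) for t in visits]


# Constructed timeline: the user returns every 6 hours for two days,
# then stays away for 32 hours before the final visit.
VISITS = [h * HOUR for h in (0, 6, 12, 18, 24, 30, 36, 42, 48, 80)]

if __name__ == "__main__":
    for kind in ("Absolute", "Rolling"):
        outcomes = replay(kind, 86400, VISITS)
        print(f"{kind:8s}", " ".join(o[0].upper() for o in outcomes))
```

With a lifetime of 86400 seconds, the Absolute session prompts again at every 24-hour mark even though the user never went more than 6 hours without a visit, while the Rolling session prompts only after the 32-hour gap.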