The SSO cookie is built by the portal (as described in the login kinematic), or by the Handler for cross-domain authentication (see the CDA kinematic).
To edit SSO cookie parameters, go to Manager, General Parameters > Cookies:
- Cookie name: name of the cookie. It can be changed to avoid conflicts with other LemonLDAP::NG installations.
- Domain: validity domain for the cookie (the cookie will not be sent to other domains).
- Secured cookie: 4 options:
  - Non secured cookie: the cookie can be sent over HTTP and HTTPS connections
  - Secured cookie: the cookie can only be sent over HTTPS
  - Double cookie: two cookies are delivered, one for HTTP and HTTPS connections, the other for HTTPS only
  - Double cookie for single session: same as double cookie, but only one session is created in the session database
- JavaScript protection: sets the httpOnly flag, which prevents the cookie from being read by JavaScript code.
- Cookie expiration time: by default, the SSO cookie is a session cookie, which means it is destroyed when the browser is closed. You can change this behavior by setting a cookie expiration time. It must be an integer.

The Cookie Expiration Time value is the number of seconds until the cookie expires. A zero or negative number will expire the cookie immediately.

When you set a cookie expiration time, the cookie is written to the user's hard disk, unlike a session cookie.
Changing the domain value will not update other configuration parameters, such as virtual host names, portal URL, etc. You have to update them yourself.
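To confirm that these settings produce the cookie you expect, the portal's Set-Cookie header can be checked after a login. The following is an added example, not part of the LemonLDAP::NG documentation or code: the function name, the cookie name `lemonldap`, the domains and the header values are constructed assumptions.

```python
from http.cookies import SimpleCookie

# Constructed sample Set-Cookie values (not captured from a real portal).
HARDENED = ["lemonldap=0123abcd; Domain=.example.com; Path=/; Secure; HttpOnly"]
WEAK = ["lemonldap=0123abcd; Domain=.example.org; Path=/; Max-Age=86400"]


def audit_sso_cookie(set_cookie_headers, cookie_name, expected_domain):
    """Return a list of findings for the SSO cookie in Set-Cookie header values."""
    findings = []
    seen = False
    for header in set_cookie_headers:
        jar = SimpleCookie()
        jar.load(header)
        if cookie_name not in jar:
            continue
        seen = True
        morsel = jar[cookie_name]
        # "Secured cookie" option: the Secure attribute restricts the cookie to HTTPS.
        if not morsel["secure"]:
            findings.append("no Secure flag: cookie is also sent over HTTP")
        # "JavaScript protection" option: the HttpOnly attribute.
        if not morsel["httponly"]:
            findings.append("no HttpOnly flag: cookie is readable by JavaScript")
        # "Cookie expiration time" option: Expires or Max-Age makes it persistent.
        if morsel["expires"] or morsel["max-age"]:
            findings.append("persistent cookie: written to the user's disk")
        # "Domain" option: compare without the optional leading dot.
        domain = morsel["domain"].lstrip(".").lower()
        if domain != expected_domain.lstrip(".").lower():
            shown = morsel["domain"] or "(host-only)"
            findings.append(f"domain is {shown}, expected {expected_domain}")
    if not seen:
        findings.append(f"cookie {cookie_name!r} not set")
    return findings


if __name__ == "__main__":
    for label, headers in (("hardened", HARDENED), ("weak", WEAK)):
        print(label, audit_sso_cookie(headers, "lemonldap", "example.com"))
```

An empty list means the SSO cookie is HTTPS-only, hidden from JavaScript, a session cookie, and scoped to the expected domain.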