Cognito login timeout

0

We are using Cognito with an external provider and are having an issue with the session timing out if the user takes too long to log in on the provider's login page.

When we initiate the login with Cognito, we see it setting a 'csrf-state' cookie with a timeout of 5 minutes, so we assume this is the culprit, but it could be a red herring. If we take longer than 5 minutes on the external login screen, we are redirected to Cognito's hosted UI with an error of "Something went wrong", which isn't the user experience we are looking for.

[Image: Error page on Hosted UI]

We are looking to increase the duration and/or stop it showing the hosted UI. Ideally we would have it redirect to a page within our application where we will give a descriptive error and the option to re-initiate the process.

I can't see anything in the management console set to 5 minutes, but have tried changing the "Authentication flow session duration", whose name seems to suggest it is exactly what I am after (but which was set to 3 minutes anyway, so it can't be), to no avail.

asked a year ago · 1411 views
2 Answers
0

If you're experiencing session timeout issues with Cognito when using an external login provider, there are a few settings you can check and adjust to modify the session duration and customize the user experience. Here are some steps you can take:

  1. Adjusting Cognito User Pool settings:

    • Sign in to the AWS Management Console and navigate to the Amazon Cognito service.
    • Open your user pool and go to the "App integration" -> "App client settings" section.
    • Look for the "Refresh token expiration" setting. This determines how long the session can be extended by using a refresh token. You can increase this value to extend the session duration.
    • Save the changes to apply the updated settings.
  2. Customizing the user experience:

    • Consider using Cognito's advanced security features, such as Adaptive Authentication or Lambda triggers, to customize the behavior and user experience during login flows. These features allow you to add additional logic and control over the authentication process.
    • You can create a custom authentication flow using AWS Lambda triggers to redirect users to specific pages within your application instead of Cognito's hosted UI. By customizing the authentication flow, you have more flexibility in handling timeouts and displaying appropriate error messages.
  3. Handling errors gracefully:

    • When users are redirected back to Cognito's hosted UI with an error message, you can capture the error response and provide a more user-friendly error page within your application. This can be achieved by using callback URLs or redirect URIs that point to specific error pages.

It's important to note that session durations and login flows can be influenced by various factors, including the identity provider you're using and the specific implementation of your application.

answered a year ago
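
The callback-side error handling described in point 3 above, as an added example that is not part of the original answer or of any AWS code. It assumes the error reaches the app's callback URL as the standard OAuth 2.0 `error`, `error_description` and `state` query parameters; `classifyCallback` and the `/login/error` and `/login/complete` routes are hypothetical names. It applies only to errors that are delivered to the callback URL.

```javascript
// Added example: classify the query string an OAuth 2.0 authorization server
// (here, the Cognito user pool domain) sends to the app's callback URL.
// ERROR_PAGE and DONE_PAGE are hypothetical routes in your own application.
const ERROR_PAGE = "/login/error";
const DONE_PAGE = "/login/complete";

// Only error codes defined in RFC 6749 section 4.1.2.1 are passed through;
// anything else is collapsed so caller-supplied text is never rendered.
const KNOWN_ERRORS = new Set([
  "invalid_request", "unauthorized_client", "access_denied",
  "unsupported_response_type", "invalid_scope", "server_error",
  "temporarily_unavailable",
]);

function classifyCallback(callbackUrl, expectedState) {
  const params = new URL(callbackUrl).searchParams;

  // The state must match the value stored when this login was started
  // (CSRF protection). A missing or stale value means: restart the flow.
  if (!expectedState || params.get("state") !== expectedState) {
    return { ok: false, redirect: `${ERROR_PAGE}?reason=state_mismatch` };
  }

  const error = params.get("error");
  if (error !== null) {
    const reason = KNOWN_ERRORS.has(error) ? error : "unknown_error";
    return {
      ok: false,
      redirect: `${ERROR_PAGE}?reason=${reason}`,
      // Keep the free-text description for server-side logs only.
      logDetail: params.get("error_description") || "",
    };
  }

  const code = params.get("code");
  if (!code) {
    return { ok: false, redirect: `${ERROR_PAGE}?reason=missing_code` };
  }
  // Success: the caller exchanges `code` at the token endpoint.
  return { ok: true, redirect: DONE_PAGE, code };
}
```

The error page can then explain the failure and offer a link that starts a fresh login with a new state value.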
0

Thanks for the response, we have tried the first two points but it hasn't had any impact on this scenario.

With regard to the third, could you elaborate? Is there some configuration that would allow us to intercept redirects to the hosted UI? I haven't been able to find it.

answered a year ago
