Application Load Balancer and Cognito cookie session time (SessionTimeout) can't be adjusted - logout problem

Hello,

Greetings from AWS Premium Support !

Reading through the case description I understand that for controlling user session time by cookie session, you have configured SessionTimeout value less than By default value(7 days). But when Application Load Balancer session is open it keeps default value of 7 days and On reviewing ALB listener configuration, sessiontime of cookie is configured as 3600 sec. You would like to know about this different behavior.

On preliminary investigation, I need to check the ALB configuration but without ALB DNS name, I was unable to check. So I am providing you general information regarding your query, Please find below,

As per your words, It seems that cookie's 'Expires' parameter is showing 7 days even after the configuration is changed to 3600 Sec in the target group attributes.

I would like to inform you that this is an expected behavior for the ALB, the actual expiry timestamp is embedded within the cookie value. Thus, ALB will decode the value of the cookie to find the configured expiry and will not consider the expires parameter. The 'Expires' parameter is always set to 7 days no matter the configuration on the target group.

In case, if you still have queries regarding this, I would like to request you to reach out to the support team, with ALB DNS and region name, via Support console and we will investigate the same in detail.

Hope the information provided above is helpful.

Have a great day ahead.