By using AWS re:Post, you agree to the Terms of Use

Application Load Balancer and Cognito cookie session time (SessionTimeout) can't be adjusted - logout problem

0

I am using Application Load Balancer with Cognito. I would like to control user session time by cookie session which is part of the ALB configuration. By default, the SessionTimeout field is set to 7 days. I have configured it with shorter time, but when Application Load Balancer session is open it keeps default value of 7 days.

When I review ALB listener configuration, session time of cookie is visible as configured 3600 sec.

Here is the part of the documentation where this is described. https://docs.aws.amazon.com/elasticloadbalancing/latest/application/listener-authenticate-users.html

Configure user authentication

    "SessionCookieName": "my-cookie",
    "SessionTimeout": 3600,
	
	

Do You have any idea what may be the problem ?

1 Answer
0
Accepted Answer

Hello,

Greetings from AWS Premium Support !

Reading through the case description I understand that for controlling user session time by cookie session, you have configured SessionTimeout value less than By default value(7 days). But when Application Load Balancer session is open it keeps default value of 7 days and On reviewing ALB listener configuration, sessiontime of cookie is configured as 3600 sec. You would like to know about this different behavior.

On preliminary investigation, I need to check the ALB configuration but without ALB DNS name, I was unable to check. So I am providing you general information regarding your query, Please find below,

As per your words, It seems that cookie's 'Expires' parameter is showing 7 days even after the configuration is changed to 3600 Sec in the target group attributes.

I would like to inform you that this is an expected behavior for the ALB, the actual expiry timestamp is embedded within the cookie value. Thus, ALB will decode the value of the cookie to find the configured expiry and will not consider the expires parameter. The 'Expires' parameter is always set to 7 days no matter the configuration on the target group.

In case, if you still have queries regarding this, I would like to request you to reach out to the support team, with ALB DNS and region name, via Support console and we will investigate the same in detail.

Hope the information provided above is helpful.

Have a great day ahead.

SUPPORT ENGINEER
answered 2 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions