How long does the Server cache session-state attributes?
Hi! I am currently implementing a 2-Factor authentication with a TOTP Challenge which looks very promising so far. As there is user interaction, the Access-Request after my first Access-Challenge can take some time. I wondered for how long does the server cache the session-state Attributes and what happens if the server never receives a new request for this particular state. Is this related to max_request_time? Daniel Finger
On May 10, 2023, at 12:18 PM, Daniel Finger <daniel.finger@ewetel.de> wrote:
I am currently implementing a 2-Factor authentication with a TOTP Challenge which looks very promising so far. As there is user interaction, the Access-Request after my first Access-Challenge can take some time. I wondered for how long does the server cache the session-state Attributes and what happens if the server never receives a new request for this particular state. Is this related to max_request_time?
The session-state attributes are cached for twice "max_request_time". At this point, that timeout is not configurable. It should be easy enough to change if necessary. But generally NASes will give up if challenge-response sessions take too long. Alan DeKok.
participants (2)
-
Alan DeKok -
Daniel Finger