JanssenProject · yuriyz · Feb 6, 2024 · Feb 6, 2024 · Feb 6, 2024
diff --git a/docs/admin/auth-server/session-management/README.md b/docs/admin/auth-server/session-management/README.md
@@ -33,10 +33,8 @@ The Auth Server session can have one of two states:
 
 The following Auth Server configuration properties are related to sessions:
 
-- **sessionIdLifetime** - lifetime of the OP session in seconds. It sets both the `session_id` cookie expiration property as well as the OP session object expiration (if `serverSessionIdLifetime` is not set or equals 0 which is default behavior) in the persistence. Upi cam set the value to 0 or -1, which means that expiration is not set. In this case, the sesion is valid until the browser
-session ends. Default value is `86400`.
-- **serverSessionIdLifetime** - dedicated property to control lifetime of the server side OP session object in seconds. Overrides `sessionIdLifetime`. By default value is `0`, so object lifetime equals `sessionIdLifetime` (which sets both cookie and object expiration). It can be useful if goal is to keep
-different values for client cookie and server object. Default value is `86400`.
+- **sessionIdCookieLifetime** - The lifetime of `session_id` cookie in seconds. If 0 or -1 then expiration is not set. session_id cookie expires when browser session ends. Default value is `86400`.
+- **sessionIdLifetime** - lifetime of the OP session in seconds (server side object). If not set, falls back to `session_id` cookie expiration set by `sessionIdCookieLifetime` configuration property.
 - **sessionIdUnusedLifetime** - unused OP session lifetime in seconds. If an OP session is not used for a given amount of time, the OP session is removed.
 Default value is `86400`.
 - **sessionIdUnauthenticatedUnusedLifetime** - lifetime in seconds of `unauthenticated` OP session. This determines how long the user can be on the login page while unauthenticated. Default value is `120`.

diff --git a/docs/admin/config-guide/jans-authorization-server-config.md b/docs/admin/config-guide/jans-authorization-server-config.md
@@ -425,7 +425,7 @@ It returns all the information of the Jans Authorization server.
   "disablePromptLogin": false,
   "disablePromptConsent": false,
   "sessionIdLifetime": 86400,
-  "serverSessionIdLifetime": 86400,
+  "sessionIdCookieLifetime": 86400,
   "configurationUpdateInterval": 3600,
   "enableClientGrantTypeUpdate": true,
   "dynamicGrantTypeDefault": [

diff --git a/docs/admin/planning/timeout-management.md b/docs/admin/planning/timeout-management.md
@@ -16,9 +16,9 @@ first, it may need to trigger a logout event at the OpenID Provider.
 Below is a list of some of the Auth Server configuration properties for timeouts
 that you should consider:
 
-1. **sessionIdLifetime**:
+1. **sessionIdCookieLifetime**:
 
-1. **serverSessionIdLifetime**:
+1. **sessionIdLifetime**:
 
 1. **sessionIdUnusedLifetime**:
 

@@ -495,11 +495,11 @@ public class AppConfiguration implements Configuration {
     /**
      * SessionId will be expired after sessionIdLifetime seconds
      */
-    @DocProperty(description = "The lifetime of session id in seconds. If 0 or -1 then expiration is not set. session_id cookie expires when browser session ends")
-    private Integer sessionIdLifetime = DEFAULT_SESSION_ID_LIFETIME;
+    @DocProperty(description = "The lifetime of session_id cookie in seconds. If 0 or -1 then expiration is not set. session_id cookie expires when browser session ends")
+    private Integer sessionIdCookieLifetime = DEFAULT_SESSION_ID_LIFETIME;
 
-    @DocProperty(description = "Dedicated property to control lifetime of the server side OP session object in seconds. Overrides sessionIdLifetime. By default value is 0, so object lifetime equals sessionIdLifetime (which sets both cookie and object expiration). It can be useful if goal is to keep different values for client cookie and server object")
-    private Integer serverSessionIdLifetime = sessionIdLifetime; // by default same as sessionIdLifetime
+    @DocProperty(description = "The lifetime of session_id server object in seconds. If not set falls back to session_id cookie expiration set by 'sessionIdCookieLifetime' configuration property")
+    private Integer sessionIdLifetime = sessionIdCookieLifetime;
 
     @DocProperty(description = "Authorization Scope for active session")
     private String activeSessionAuthorizationScope;
@@ -2848,30 +2848,45 @@ public void setDynamicGrantTypeDefault(Set<GrantType> dynamicGrantTypeDefault) {
     }
 
     /**
-     * @return session_id lifetime. If null or value is zero or less then session_id lifetime is not set and will expire when browser session ends.
+     * @return session_id lifetime. If value is zero or less then session_id lifetime is set to Integer.MAX_VALUE. If null then falls back to 86400 seconds.
      */
     public Integer getSessionIdLifetime() {
         return sessionIdLifetime;
     }
 
+    /**
+     * Sets session id lifetime
+     *
+     * @param sessionIdLifetime session id lifetime
+     */
     public void setSessionIdLifetime(Integer sessionIdLifetime) {
         this.sessionIdLifetime = sessionIdLifetime;
     }
 
-    public String getActiveSessionAuthorizationScope() {
-        return activeSessionAuthorizationScope;
+    /**
+     * Gets session id cookie lifetime
+     *
+     * @return session id cookie lifetime
+     */
+    public Integer getSessionIdCookieLifetime() {
+        return sessionIdCookieLifetime;
     }
 
-    public void setActiveSessionAuthorizationScope(String activeSessionAuthorizationScope) {
-        this.activeSessionAuthorizationScope = activeSessionAuthorizationScope;
+    /**
+     * Sets session id cookie lifetime
+     *
+     * @param sessionIdCookieLifetime session id cookie lifetime
+     */
+    public void setSessionIdCookieLifetime(Integer sessionIdCookieLifetime) {
+        this.sessionIdCookieLifetime = sessionIdCookieLifetime;
     }
 
-    public Integer getServerSessionIdLifetime() {
-        return serverSessionIdLifetime;
+    public String getActiveSessionAuthorizationScope() {
+        return activeSessionAuthorizationScope;
     }
 
-    public void setServerSessionIdLifetime(Integer serverSessionIdLifetime) {
-        this.serverSessionIdLifetime = serverSessionIdLifetime;
+    public void setActiveSessionAuthorizationScope(String activeSessionAuthorizationScope) {
+        this.activeSessionAuthorizationScope = activeSessionAuthorizationScope;
     }
 
     public Boolean getLogClientIdOnClientAuthentication() {

@@ -401,6 +401,7 @@
     "sessionIdEnabled":true,
     "sessionIdPersistOnPromptNone":true,
     "sessionIdLifetime":86400,
+    "sessionIdCookieLifetime":86400,
     "forceOfflineAccessScopeToEnableRefreshToken":false,
     "configurationUpdateInterval":3600,
     "cssLocation":"${config.oxauth.contextPath}/stylesheet",

@@ -298,7 +298,7 @@ public void createOPBrowserStateCookie(String opbs, HttpServletResponse httpResp
         String header = OP_BROWSER_STATE + "=" + opbs;
         header += "; Path=/";
         header += "; Secure";
-        Integer sessionStateLifetime = appConfiguration.getSessionIdLifetime();
+        Integer sessionStateLifetime = appConfiguration.getSessionIdCookieLifetime();
         if (sessionStateLifetime != null && sessionStateLifetime > 0) {
             DateFormat formatter = new SimpleDateFormat("E, dd MMM yyyy HH:mm:ss Z");
             Calendar expirationDate = Calendar.getInstance();
@@ -312,7 +312,7 @@ public void createOPBrowserStateCookie(String opbs, HttpServletResponse httpResp
     }
 
     protected void createCookie(String header, HttpServletResponse httpResponse) {
-        Integer sessionStateLifetime = appConfiguration.getSessionIdLifetime();
+        Integer sessionStateLifetime = appConfiguration.getSessionIdCookieLifetime();
         if (sessionStateLifetime != null && sessionStateLifetime > 0) {
             DateFormat formatter = new SimpleDateFormat("E, dd MMM yyyy HH:mm:ss Z");
             Calendar expirationDate = Calendar.getInstance();

@@ -659,19 +659,20 @@ public boolean isExpired(SessionId sessionId) {
     }
 
     public int getServerSessionIdLifetimeInSeconds() {
-        if (appConfiguration.getServerSessionIdLifetime() != null && appConfiguration.getServerSessionIdLifetime() > 0) {
-            return appConfiguration.getServerSessionIdLifetime();
-        }
-        if (appConfiguration.getSessionIdLifetime() != null && appConfiguration.getSessionIdLifetime() > 0) {
-            return appConfiguration.getSessionIdLifetime();
+        if (appConfiguration.getSessionIdLifetime() != null) {
+            if (appConfiguration.getSessionIdLifetime() > 0) {
+                return appConfiguration.getSessionIdLifetime();
+            } else { // equals or less then 0
+                // if less or equal to 0 we put it for maximum period
+                return Integer.MAX_VALUE;
+            }
         }
 
-        // we don't know for how long we can put it in cache/persistence since expiration is not set, so we set it to max integer.
-        if (appConfiguration.getServerSessionIdLifetime() != null && appConfiguration.getSessionIdLifetime() != null &&
-                appConfiguration.getServerSessionIdLifetime() <= 0 && appConfiguration.getSessionIdLifetime() <= 0) {
-            return Integer.MAX_VALUE;
+        if (appConfiguration.getSessionIdCookieLifetime() != null && appConfiguration.getSessionIdCookieLifetime() > 0) {
+            return appConfiguration.getSessionIdCookieLifetime();
         }
-        log.debug("Session id lifetime configuration is null.");
+
+        log.debug("Session id lifetime configuration is null. (Both 'sessionIdLifetime' and 'sessionIdCookieLifetime' are null. Fallback to 86400 value.");
         return AppConfiguration.DEFAULT_SESSION_ID_LIFETIME;
     }
 

@@ -8354,7 +8354,7 @@ components:
         sessionIdLifetime:
           type: integer
           format: int32
-        serverSessionIdLifetime:
+        sessionIdCookieLifetime:
           type: integer
           format: int32
         activeSessionAuthorizationScope:

@@ -81,15 +81,15 @@ Feature: Verify SessionId configuration endpoint
     And print response
 
     @sessionid-error
-  	Scenario: serverSessionIdLifetime configuration cannot be less than -1 (minus one)
+  	Scenario: sessionIdCookieLifetime configuration cannot be less than -1 (minus one)
     Given url  mainUrl
     And  header Authorization = 'Bearer ' + accessToken
     When method GET
     Then status 200
     And print response
     And assert response.length != null
    Then def result = response
-    Then set result.serverSessionIdLifetime = -5 
+    Then set result.sessionIdCookieLifetime = -5
     Given url  mainUrl
     And  header Authorization = 'Bearer ' + accessToken
     And request result

@@ -434,6 +434,7 @@
     "changeSessionIdOnAuthentication":true,
     "returnClientSecretOnRead": true,
     "sessionIdPersistOnPromptNone":true,
+    "sessionIdCookieLifetime": 86400,
     "sessionIdLifetime": 86400,
     "configurationUpdateInterval":3600,
     "cssLocation":"",

diff --git a/terraform-provider-jans/jans/app_configuration.go b/terraform-provider-jans/jans/app_configuration.go
@@ -246,7 +246,7 @@ type AppConfiguration struct {
 	DisablePromptLogin                                        bool                                  `schema:"disable_prompt_login" json:"disablePromptLogin"`
 	DisablePromptConsent                                      bool                                  `schema:"disable_prompt_consent" json:"disablePromptConsent"`
 	SessionIdLifetime                                         int                                   `schema:"session_id_lifetime" json:"sessionIdLifetime"`
-	ServerSessionIdLifetime                                   int                                   `schema:"server_session_id_lifetime" json:"serverSessionIdLifetime"`
+	SessionIdCookieLifetime                                   int                                   `schema:"session_id_cookie_lifetime" json:"sessionIdCookieLifetime"`
 	ActiveSessionAuthorizationScope                           string                                `schema:"active_session_authorization_scope" json:"activeSessionAuthorizationScope"`
 	ConfigurationUpdateInterval                               int                                   `schema:"configuration_update_interval" json:"configurationUpdateInterval"`
 	LogNotFoundEntityAsError                                  bool                                  `schema:"log_not_found_entity_as_error" json:"logNotFoundEntityAsError"`