
Session Timeout cannot change

Open mobykwong opened this issue 4 years ago • 1 comments

I set "State time limit" to 1800 in the plugin settings, but it keeps timing out after 3 minutes. The default value is not overwritten by the setting.

To Reproduce

Steps to reproduce the behavior:

  1. Go to Setting -> OpenID Connect Client
  2. Set 1800 to "State time limit"
  3. Go to another page in admin
  4. Wait 3 minutes


Expected behavior

Don't time out in 180 seconds.

WordPress Environment

  • PHP Version: 7.4.3
  • WordPress Version: 5.8.1
  • Plugin Version: 3.8.5
  • Relevant Plugin Settings: image

mobykwong avatar Sep 29 '21 08:09 mobykwong

@mobykwong the State is not the session. What you are describing is session timeout. The state is the nonce generated and used as part of the authentication process. You should be very careful with increasing the state as this can open up your site to replay attacks on authentication.

timnolte avatar Sep 29 '21 11:09 timnolte
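
The distinction drawn in the reply above, as an added Python example that is not part of the thread and not the plugin's code: the state value lives only for the duration of one login round trip and is accepted once, while the logged-in session has its own, separate lifetime. `StateStore`, `STATE_TTL`, `SESSION_TTL` and `demo` are hypothetical names, and the 180 and 1800 second values are taken from the issue purely as sample numbers.

```python
import secrets
import time

STATE_TTL = 180      # assumed state lifetime: how long one login round trip may take
SESSION_TTL = 1800   # assumed session lifetime: a separate setting, not the state


class StateStore:
    """Constructed in-memory store of pending OIDC authorization requests."""

    def __init__(self, ttl=STATE_TTL, clock=time.time):
        self.ttl = ttl
        self.clock = clock
        self._pending = {}  # state value -> expiry timestamp

    def issue(self):
        """Create the state sent to the IdP with the authorization request."""
        state = secrets.token_urlsafe(32)
        self._pending[state] = self.clock() + self.ttl
        return state

    def redeem(self, returned_state):
        """Check the state on the callback; every value is accepted at most once."""
        expiry = self._pending.pop(returned_state, None)  # delete on first use
        if expiry is None:
            return "unknown"  # never issued, or already redeemed (replay)
        return "ok" if self.clock() <= expiry else "expired"


def demo():
    """Run a normal callback, a replay and a late callback against a fake clock."""
    now = [1000.0]
    store = StateStore(clock=lambda: now[0])

    s1 = store.issue()
    now[0] += 30                           # user authenticates at the IdP in 30 s
    first = store.redeem(s1)
    session_expires = now[0] + SESSION_TTL  # session starts only after a valid callback

    replay = store.redeem(s1)              # same callback URL presented again

    s2 = store.issue()
    now[0] += STATE_TTL + 1                # second login attempt left open too long
    late = store.redeem(s2)

    session_alive = now[0] < session_expires  # first session is unaffected by any of this
    return first, replay, late, session_alive
```

A longer `STATE_TTL` only lengthens the period in which an unredeemed state value is still accepted on the callback; it does nothing to `session_expires`.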