Determining webvpn cookie lifetime?

David Woodhouse dwmw2 at infradead.org
Sat Dec 19 23:40:15 PST 2015


On Sun, 2015-12-20 at 04:25 +0000, Dan Lenski wrote:
> 
> Does one of these indicate how long the cookie will remain valid? My guess:
> 
> - CSTP-Session-Timeout indicates the time after which the session 
>   will end no matter what (3 days here)
> - CSTP-Idle-Timeout indicates the time after which the session will 
>   end, with no traffic (30 minutes here)
> - CSTP-Disconnected-Timeout indicates the time after which the cookie will
>   become invalid, after disconnection (30 minutes here)

Those seem about right.

> However, my testing appears to show that the server starts to reject the 
> cookie (openconnect -C COOKIE) much sooner than any of these timeouts would 
> indicate, a few minutes.

Note that the session will also be terminated immediately if the client
signs off. If you terminate openconnect with SIGINT it'll close the
session. If you terminate it with SIGHUP or SIGTERM, it won't. (See the
man page).

-- 
dwmw2


-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5691 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20151220/879cc45e/attachment.bin>


More information about the openconnect-devel mailing list