November Happy Hour will be moved to Thursday December 5th.

Auth cookie expiration in Optimizely UI (edit/admin)

Vote:
 

We are using mixed mode auth using Okta for Optimizely editors and Azure B2C for end users. Right now we share the same cookie auth scheme (to be able to keep the Optimizely Quick Navigator).

We have set cookie expiration. We noticed that Optimizely UI (edit/admin) does not handle cookie expiration that very gracefully. Api endpoints fails and unexpected errors just pops up in the notification area. Not the best editor experience. Editor can reload (rechallange on the idp) and everything is fine until next expiry.

Didn't Optimizely UI have auto-logout prompt at some point? So if the editor leaves for lunch we will have the prompty on the screen when he comes back (and the cookie has expired)?

Are we taking the wrong approach? (short expiration is a customer security requirement)

#286360
Aug 30, 2022 9:28
Vote:
 

Hi Palle,

Did you find an answer to this?
We are in the same kind of situatuion.

#297973
Mar 09, 2023 13:11
Vote:
 

Hi Palle and Felicia

I once had similar errors in a setup with Azure AD, where the editor authentication would expire after some idle time.

The issue was that API requests would be redirected to the login page (with 302 Found), which was not taken well by the editor UI. So I changed it to return 401 for editor API requests. If you set up the integration according to the CMS 12 documentation, this should already be handled.

Do you have custom handlers in the OnRedirectToIdentityProvider event handler that overrides the 401 status code?

#298244
Mar 13, 2023 19:38
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.