cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4621
Views
2
Helpful
12
Replies

Duo Access Gateway: Session timeout isn't effective

bradvido1
Level 1
Level 1

We have set our session timeout on our DAG server to 86400 (one day), but users are still prompted to log in much more frequently.

Has anyone else had luck persisting DAG sessions for a long time?

Any tips would be much appreciated.

12 Replies 12

JohnMaguire1
Level 1
Level 1

Hi @bradvido,

This is a known issue and we expect to have a fix in the next release of the Duo Access Gateway. May I ask whether you are using the Windows or Linux version of the Duo Access Gateway?

Thanks!

We are using the windows version with the latest installer.

In the meantime, I have manually edited the config php file and increased the timeout and restarted IIS. Will this fix it? DAG is running, but i’m unsure if the changes are working because it hasn’t been enough time.

Lastly, is there an eta on the fix or a way to subscribe to it? Github issue or similar?

Hi @bradvido,

The issue we have identified is due to the following PHP configuration option the following: session.gc_maxlifetime = 1440

This causes PHP to clear sessions that are older than 24 minutes, even when the “Session Duration” is set longer. While we don’t generally suggest customers modify the software or configuration by hand, you may try adjusting 1440 to something much higher, such as 604800 (one week).

You will need to restart the PHP-FPM process in IIS in order for changes to the PHP configuration to take effect.

We expect the issue will be fixed in the next release. There is no exact timeline of when we will release the next DAG, but we expect a release sometime in Q2.

You can find information about new releases in the sidebar of the Duo Admin Panel Dashboard, or you can subscribe to the Release Notes category on community (click the circle in the top right).

@JohnMaguire Awesome, thanks for the detailed responses! We will test the manual change until the fix is released

bradvido1
Level 1
Level 1

@JohnMaguire We have updated the session.gc_maxlifetime in php.ini and restarted IIS.

Do you know if we also need to change any of the settings in config.php, such as session.state.timeout or session.cookie.lifetime in order for this to work, or should setting the session duration in the DAG Admin GUI be sufficient?

Hi @bradvido,

Simply setting the session duration in the admin panel should be sufficient. The application will handle the timeout.

JohnMaguire1
Level 1
Level 1

Just wanted to post a quick update that this issue should be resolved for new installs of Duo Access Gateway 1.5.3 on Windows, and both new and existing installs of Duo Access Gateway on Linux.

In some cases, the fix may not apply to Windows upgrades. If you’ve stumbled across this thread, and upgrading to Windows Duo Access Gateway 1.5.3 does not fix your issue, please try the workaround suggested above.

great. I’ll test it out when we get a chance, but since we implemented the fix manually, it’s been working

JohnMaguire1
Level 1
Level 1

Yep, you should be set with that. The installer just sets the value in that config file to the higher number.

David_Macintire
Level 1
Level 1

WE are on version 1.5.2 Linux, what is the process of upgrading to the newest version. we are getting the 24 min time out.

bradvido1
Level 1
Level 1

@JohnMaguire any thoughts on why the session duration doesn’t work on mobile browsers?

DAG SSO expiration time on mobile browsers

I’d appreciate any insight you may have.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Quick Links