iPlanetDirectoryPro cookie settings

Hi Experts,
How can i set or update the iPlanetDirectoryPro cookie for a specific realm?

Thanks

The session cookie in AM is not realm specific, the whole AM deployment uses one single session cookie.

ok thanks.What is the iPlanetDirectoryPro default timeout setup at, how can I update this?

thanks

Time session management can be configured here:

Realms > Realm Name > Services > Session > Dynamic Attributes

See documentation here:
https://backstage.forgerock.com/docs/am/7.2/security-guide/session-state-session-termination.html#session-max-timeout

You may want to check the Session section in the documentation for reference:
https://backstage.forgerock.com/docs/am/7.2/sessions-guide/preface.html

1 Like

Thanks for the info Gary. Right now am using 6.5 could you pls share for 6.5 one link kindly?

Hi Gery,
I had realms specific Dynamic attributes and also had Global services->session> dynamic attributes idle time out which one has precedence?

Realm configuration takes precedence.
You have max time, max idle time, max caching time, and active user sessions (if enforced at global level).

1 Like

Gery,
Confusing me with your below statement in quotes.I’ve defined at global services and at the realm , the max time out . Like at global I had 20 mins and realm 15 mins time out. which one will be considered?

You have max time, max idle time, max caching time, and active user sessions (if enforced at global level).

thanks

No problem.
The rule is local (i.e. realm level) takes precedence over global configuration. That means you may use the Global configuration as “default” value across all realms. So your realm has a max time out value of 15 minutes.
I am sorry if the statement was not clear. I think what was not really explained is only related to the active user sessions (and it is probably not even part of your question, but the distinction is important). This value sets the maximum number of sessions for one user. You have a global value, and a local value. However, this maximum number of session needs to be enforced. The property to enforce a maximum number of values is set globally only.
Therefore changing the maximum number of active sessions at a local level is only meaningful if the global enforcement is set. This has no impact on the other three parameters: max time, max idle time, and max caching time.
I hope it helps.