Duo Access Gateway: Session timeout isn't effective

03-15-2018 06:31 AM
We have set our session timeout on our DAG server to 86400 (one day), but users are still prompted to log in much more frequently.
Has anyone else had luck persisting DAG sessions for a long time?
Any tips would be much appreciated.

03-15-2018 08:44 AM
Hi @bradvido,
This is a known issue and we expect to have a fix in the next release of the Duo Access Gateway. May I ask whether you are using the Windows or Linux version of the Duo Access Gateway?
Thanks!

03-15-2018 08:57 AM
We are using the Windows version with the latest installer.
In the meantime, I have manually edited the config PHP file and increased the timeout and restarted IIS. Will this fix it? DAG is running, but I’m unsure if the changes are working because it hasn’t been enough time.
Lastly, is there an ETA on the fix or a way to subscribe to it? GitHub issue or similar?

03-15-2018 10:50 AM
Hi @bradvido,
The issue we have identified is due to the following PHP configuration option: session.gc_maxlifetime = 1440
This causes PHP to clear sessions that are older than 24 minutes, even when the “Session Duration” is set longer. While we don’t generally suggest customers modify the software or configuration by hand, you may try adjusting 1440 to something much higher, such as 604800 (one week).
You will need to restart the PHP-FPM process in IIS in order for changes to the PHP configuration to take effect.
We expect the issue will be fixed in the next release. There is no exact timeline of when we will release the next DAG, but we expect a release sometime in Q2.
You can find information about new releases in the sidebar of the Duo Admin Panel Dashboard, or you can subscribe to the Release Notes category on community (click the circle in the top right).
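
Added example (not part of the thread and not Duo's code): a Python check for the mismatch described in the reply above, comparing session.gc_maxlifetime in a php.ini with the session duration you intend. The sample php.ini text is constructed; session.gc_probability and session.gc_divisor are standard PHP directives that the thread does not mention, included because they decide how often the cleanup actually runs.

```python
import re

# Constructed sample php.ini fragment (not taken from a real DAG install).
SAMPLE_PHP_INI = """\
[Session]
; session.gc_maxlifetime = 604800
session.save_handler = files
session.gc_probability = 1
session.gc_divisor = 1000
session.gc_maxlifetime = 1440   ; seconds
"""

# PHP's built-in defaults, used when php.ini does not set the directive.
PHP_DEFAULTS = {
    "session.gc_maxlifetime": 1440,
    "session.gc_probability": 1,
    "session.gc_divisor": 100,
}

# Matches only lines that start with a directive name, so ";" comment
# lines and "[Section]" headers are skipped. Trailing ";" comments are cut.
_DIRECTIVE = re.compile(r"^\s*([A-Za-z_][\w.]*)\s*=\s*([^;]*)")


def read_session_gc(ini_text):
    """Return the effective session GC directives; the last assignment wins."""
    values = dict(PHP_DEFAULTS)
    for line in ini_text.splitlines():
        m = _DIRECTIVE.match(line)
        if not m or m.group(1) not in values:
            continue
        raw = m.group(2).strip().strip('"')
        if raw.isdigit():
            values[m.group(1)] = int(raw)
    return values


def check_session_duration(ini_text, session_duration):
    """Compare PHP's session garbage collection with the intended duration (seconds)."""
    gc = read_session_gc(ini_text)
    lifetime = gc["session.gc_maxlifetime"]
    return {
        "gc_maxlifetime": lifetime,
        "session_duration": session_duration,
        # True when PHP may delete session data before the app-level timeout.
        "sessions_cut_short": lifetime < session_duration,
        "idle_minutes_before_gc_eligible": lifetime // 60,
        # Chance that a session start triggers a garbage-collection pass.
        "gc_chance_per_session_start": gc["session.gc_probability"] / gc["session.gc_divisor"],
    }


if __name__ == "__main__":
    print(check_session_duration(SAMPLE_PHP_INI, 86400))
```

Because the cleanup pass is probabilistic, sessions older than session.gc_maxlifetime are removed at irregular times rather than exactly at the 24-minute mark.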

03-15-2018 11:39 AM
@JohnMaguire Awesome, thanks for the detailed responses! We will test the manual change until the fix is released.

03-16-2018 05:40 AM
@JohnMaguire We have updated the session.gc_maxlifetime in php.ini and restarted IIS.
Do you know if we also need to change any of the settings in config.php, such as session.state.timeout or session.cookie.lifetime in order for this to work, or should setting the session duration in the DAG Admin GUI be sufficient?

03-16-2018 06:10 AM
Hi @bradvido,
Simply setting the session duration in the admin panel should be sufficient. The application will handle the timeout.

04-18-2018 12:56 PM
Just wanted to post a quick update that this issue should be resolved for new installs of Duo Access Gateway 1.5.3 on Windows, and both new and existing installs of Duo Access Gateway on Linux.
In some cases, the fix may not apply to Windows upgrades. If you’ve stumbled across this thread, and upgrading to Windows Duo Access Gateway 1.5.3 does not fix your issue, please try the workaround suggested above.

04-18-2018 02:30 PM
Great. I’ll test it out when we get a chance, but since we implemented the fix manually, it’s been working.

04-18-2018 02:42 PM
Yep, you should be set with that. The installer just sets the value in that config file to the higher number.

09-20-2018 08:33 AM
We are on version 1.5.2 Linux. What is the process of upgrading to the newest version? We are getting the 24-minute timeout.

09-20-2018 08:56 AM
@David_Macintire You might find this helpful:

07-19-2019 06:17 PM
@JohnMaguire any thoughts on why the session duration doesn’t work on mobile browsers?
DAG SSO expiration time on mobile browsers
I’d appreciate any insight you may have.
