Controlling the lifetime of the LTPA Token in IBM Security Verify Access for Web

Controlling the lifetime of the LTPA Token

By default, the lifetime of the LTPA cookie is set to the lifetime of the session that was used to create the token. For a more fine-grained approach, we can modify the update-cookie configuration entry in the [ltpa] stanza. This entry controls the frequency at which the token is updated with a new lifetime timeout. This configuration entry affects the LTPA cookie that WebSEAL issues to clients. It is the lifetime of the cookie specified by the cookie-name configuration entry in the [ltpa] stanza.

The default value of -1 indicates the token is never updated and the lifetime of the token is equal to the maximum session lifetime.
A value of zero indicates the lifetime of the token is updated on every request. This configuration provides the functional equivalent of the inactivity timeout to the token.
A positive number indicates the number of seconds that elapse between updates of the token. This configuration provides a less fine-grained equivalent of the inactivity timeout to the token.

Carefully consider Whether to enable this configuration entry in the environment. The cost of creating the LTPA token and adding it to the HTTP response can outweigh the benefits gained by achieving an inactivity timeout for the token.
Parent topic: LTPA authentication