For tracking: I had to re-login today after today's page.

FWIW, the answer we got from VO (before Splunk) was that it was configurable on their end and we were granted a 90 day session expiration.

TODO:

• document default log-out scenarios in this ticket
• collect feedback for anything configurable and set to desired settings(tm)

As an additional data point, I noticed being logged out of VO past an upgrade of $something (maybe VO logout happens on user agent change)

I have reached out to Splunk and asked a few questions about session lifetime for web and mobile and possible logout scenarios.

Here are my findings:

• The web app keeps users logged in for seven days, regardless of how login happens (via SSO/traditional auth).
• The mobile SSO login has a default seven days session lifetime.
• The mobile token is configurable and possible to extend the logout SSO token for mobile. However, those changes would need to happen on the Splunk on-call backend and be performed by their support staff

Other possible logout scenarios:

• Force log out (web)
• Clearing cache will require to (re-)authenticate (web)
• On mobile, "hard closing" the app will require (re-)authentication

Other notes:

• (Splunk) Deployments will not cause logout in most cases
• If (Splunk) deployments are identified to cause logouts, I've been informed Splunk notifies on these prior to the log out events ocurring.

In T284215#7139285, @colewhite wrote:

FWIW, the answer we got from VO (before Splunk) was that it was configurable on their end and we were granted a 90 day session expiration.

do we still want to shoot for 90 days?

another chat with support today and requested 90 days for mobile sessions on production. This change has been implemented in VO/Splunk Production and on the Sandbox as well. Closing and if there is new information please reopen.