Jun 24, 2020 03:24 PM|mgebhard|LINK
It is typical for a remote authentication server to set a cookie as well. When the site authentication cookie expires, the browser is redirected to the remote authentication server. The remote server finds the cookie it set when the use logged in and redirect
back to your site.
This would be a configuration setting on Azure AD. From the docs...https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-configurable-token-lifetimes
Azure AD uses two kinds of SSO session tokens: persistent and nonpersistent. Persistent session tokens are stored as persistent cookies by the browser. Nonpersistent session tokens are stored as session cookies. (Session cookies are destroyed when the
browser is closed.) Usually, a nonpersistent session token is stored. But, when the user selects the Keep me signed in check box during authentication, a persistent session token is stored.
Nonpersistent session tokens have a lifetime of 24 hours. Persistent tokens have a lifetime of 90 days. Anytime an SSO session token is used within its validity period, the validity period is extended another 24 hours or 90 days, depending on the token
type. If an SSO session token is not used within its validity period, it is considered expired and is no longer accepted.
You can use a policy to set the time after the first session token was issued beyond which the session token is no longer accepted. (To do this, use the Session Token Max Age property.) You can adjust the lifetime of a session token to control when and
how often a user is required to reenter credentials, instead of being silently authenticated, when using a web application.