Roaming cache and CWP registration timer behaviour

  • 2
  • Idea
  • Updated 4 years ago
The current behaviour of the CWP Registration Timeout value configured under the CWP settings is that it only has an effect for as long as the session remains in the roaming cache.

If a user disconnects and does not reconnect for one hour or more (default roaming cache age out: 60 second update interval x 60 missing update age out  = 1 hour), they will be re-presented with the CWP regardless of the CWP Registration Timeout value.

I have had a number of customers express that this is not expected or desired behaviour. Especially for UAP CWPs, the hassle for users having to re-accept the UAP after they come back from lunch every day etc. is painful. Also, I have some customers that would like to extend the CWP Registration Timeout across multiple days (to prevent the user having to re-logon/re-accept UAP every single day), but this is not possible as when the client goes home each night, the roaming cache entry will age out.

Obviously it is possible to increase the roaming cache age out parameters, but this would have global consequences and is not really desirable.

So suggestion:

The roaming cache already tracks the CWP Registration Timeout across disconnects/reconnects via the "Session time" field and calculations on the "last time logout" field when a disconnect/reconnect occurs (decrementing the session time to keep it consistent with the original CWP authentication).

For CWP-authenticated sessions (and only these sessions), if the behaviour was to set the TLC value (roaming cache entry lifetime) based on the "Session time" (which for CWP is derived from the CWP Registration Timeout) rather than the calculated roaming cache ageout.

This would result in CWP not being re-presented to clients until the CWP Registration Timeout has expired, even if they disconnect from the network for longer than the roaming cache age out period.

I think there is logic in treating CWP as a "special case" in terms of session persistency logic. For other forms of authentication, we really don't need to maintain state for a long period of time, but for CWP, the hassle for users in having to - probably unexpectedly - revisit the CWP (especially when it comes to UAP acceptance) warrants it.

Photo of Roberto Casula

Roberto Casula, Champ

  • 231 Posts
  • 111 Reply Likes

Posted 4 years ago

  • 2
Photo of Paul Ainslie

Paul Ainslie

  • 25 Posts
  • 3 Reply Likes
I agree -- have the same issue!  We want our CWP registrations to time out after a month - but users have to log on every day!