Configure token or cookie settings
This topic describes how to configure the token or cookie settings for a realm.
Purpose
Token and cookie configurations define how SecureAuth Identity Platform maintains a user’s authenticated session after login. These settings determine how long a user stays signed in, how authentication information is stored, and how preferences are remembered across different realms or applications.
Proper configuration helps you balance security, session control, and user experience. For example:
Requiring SSL and setting cookie expiration strengthens security and compliance.
Using sliding expiration helps active users stay signed in without interruption.
Adjusting how cookies are issued ensures compatibility across browsers, devices, and client applications.
Configuring user preference cookies creates a more consistent login experience across multiple SecureAuth realms.
Prerequisites
SecureAuth® Identity Platform version 24.04 or later
Realm created for single sign-on (SSO)
Identity Platform configuration
In Advanced Settings (formerly Classic Experience), go to the Post Authentication tab.
In the Forms Auth / SSO Token section, click the View and Configure FormsAuth keys/SSO token link.

Forms Authentication section
Set the following configurations:
Require SSL | Set whether to require SSL to view the token (True or False). |
Cookieless | Choose how the Identity Platform sends the token to the browser or device: |
Sliding Expiration | Choose whether the cookie remains valid while the user interacts with the page (True) or expires after the timeout period (False). |
Timeout | Enter the number of minutes that a cookie remains valid. |
Tip
The Name, Login URL, and Domain fields do not require configuration.
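The difference between the two Sliding Expiration settings shows up when one request timeline is replayed against both. The following is an added example, not SecureAuth code: the function name, the sample times, and the renewal model (every request made while the cookie is still valid restarts the Timeout) are assumptions for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample timeline (not taken from any real log).
LOGIN = datetime(2024, 5, 1, 9, 0)
REQUESTS = [
    datetime(2024, 5, 1, 9, 10),
    datetime(2024, 5, 1, 9, 25),
    datetime(2024, 5, 1, 9, 40),
    datetime(2024, 5, 1, 10, 30),
]


def replay(login, requests, timeout_minutes, sliding):
    """Replay request times against a single cookie issued at `login`.

    Returns (accepted, rejected, expires): requests served under the cookie,
    requests that arrived after it expired, and the final expiry time.
    """
    timeout = timedelta(minutes=timeout_minutes)
    expires = login + timeout
    accepted, rejected = [], []
    for ts in sorted(requests):
        if ts >= expires:
            # Cookie has expired: the user has to authenticate again.
            rejected.append(ts)
            continue
        accepted.append(ts)
        if sliding:
            # Assumed model: each valid request restarts the timer.
            expires = ts + timeout
    return accepted, rejected, expires


if __name__ == "__main__":
    for sliding in (False, True):
        accepted, rejected, expires = replay(LOGIN, REQUESTS, 20, sliding)
        lifetime = int((expires - LOGIN).total_seconds() // 60)
        print(f"Sliding Expiration={sliding}: {len(accepted)} served, "
              f"{len(rejected)} rejected, cookie usable for {lifetime} min")
```

With Sliding Expiration set to True, Timeout behaves as an idle limit rather than a cap on total session length, so an active user's cookie can outlive the configured number of minutes.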
Machine Key section
Set the following configurations:
Validation | Keep the default value as SHA1, unless a different option (MD5, 3DES, AES) is required. |
Decryption | Keep the default value as Auto, unless a specific algorithm (DES, 3DES, AES) is required. |
Authentication Cookies section
Set the following configuration:
Persistent – Choose whether the cookie expires after the timeout period (True) or when the session or browser closes (False).
The other fields do not require configuration.
User preference cookies section
User preference cookies store a user’s login and multi-factor authentication (MFA) choices. They are automatically created for all workflow types to remember the user’s previous login choices, such as the MFA method selected from radio buttons during login. By default, each realm creates its own cookie, but you can configure the same cookie names across realms or applications to reduce the number of cookies a user accumulates.
You can customize these cookie names to use the same value across realms. This ensures that a user’s preferences, such as their MFA choice or login mode, apply consistently across all SecureAuth integrations.
Set the following configurations:
SecureAuth Login Cookie | Defines the name of the cookie that stores whether a user selected Public or Private mode at login. |
Mfa Select Cookie | Defines the name of the cookie that stores the user’s last selected MFA method. |
Note
The Mfa Select Cookie works independently from the Preferred Auto-Submit Method configuration. When the Preferred Auto-Submit feature is turned off or does not trigger, the MfaSelect cookie automatically selects the user’s last MFA choice if it appears in the list.



