ADFS 3.0 Session Persistence

We've just completed an ADFS 2.0 to 3.0 cutover.  We now find that when logging into the ADFS URL and any Relying Party Trust sites, that once the browser is closed (any browser) the cookie is lost, and each time you open the browser you need to re-authenticate.  In ADFS 2.0, we did not see this behavior.  Microsoft is advising that adding the adfs page to IE Intranet zone will resolve (tested and works).  However, why was this not necessary in ADFS 2.0?  Are there any other settings that can be set so the cookies that are generated are Persistent, based on a TTL, instread of Browser Session Based cooklies?
LVL 1
fireguy1125Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

btanExec ConsultantCommented:
thought this article on Win2012 WAP managing the adfs sso and session persistency with trust timeout is relevant, I did not tested though
I have a hack to fix the problem by persisting their data entry values in a cookie, but I would rather resolve this with controlling the trust lifetime. I will be working with MS on this. The docs on ADFS 3.0 are terrible and we are struggling to find a solution...

I suspect at least the PersistentAccessCookieExpirationTimeSec setting is new based on this KB article (which may be of use beyond explaining that this was introduced in a hotfix). https://support.microsoft.com/en-us/kb/3020813 ....

Without knowing more about what you’re trying to do this is kind of a stab in the dark, but I would probably focus on InactiveTransactionsTimeoutSec in the first instance. I spotted a post on that setting which suggested increasing the value to 930 solved their problem, where some timeout was 900....
http://tristanwatkins.com/coordinating-adfs-2012-r2-token-lifetime-logon-prompt-enforce-revocation-session-duration-public-network/
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2012

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.