Application session

An application session (also known as a local session) is created by the app when the user logs in through the Visma Connect Identity Provider. By default, an App session ends when the user logs out of the App. However, an app can choose to have an extended session by storing information in a cookie so the user won't need to authenticate each time they return. The session lifetime is managed by the App. Once the application session is over, the user must typically re-authenticate with the IdP.

IdP session

An IdP session is created by Visma Connect IDP when a user logs into the first app of the day. Each IdP session is bound to a specific user. The IdP session is active until it expires after a maximum of 10 hours, unless terminated before by an application. Visma Connect IdP maximum session lifetime is 10 hours, no matter if there is activity or not by the user. During these 10 hours Single Sign-On can be done to other Applications using Visma Connect IdP as their Identity Provider.

After 10 hours, if a user has not signed out, the IdP session expires and a logout request is sent to all applications part of the session that supports backchannel logout.

Each Application decides whether or not they want to expire their own Application session at the same time as the IdP session expires (by supporting backchannel logout), or they can have their own Application session expiring sooner or later than the IdP.

Visma Connect IdP as an OpenID Provider offers functionality to applications for verification of a user's session state.