Forum Discussion
View in File Explorer - Cookies are only Persistent for a week
Thanks ChristianJBergstrom
We have SSO so the KMSI won't come up. The persistent cookie won't expire at windows or user forced signout.
From your link "Session timeouts for Microsoft 365" it feel like the persistent cookie for View In FIle Explorer will expire after "SharePoint Online 5 days of inactivity".
That could be irrelevant of the KMSI, any SSO or other settings. That could be an independant token between SO and Edge. I will record the last time I accessed SO from File Explorer and see if that lasts 5 days.
Maybe that is the design: Access the SO files from File explorer when you click the view in SO, while the connection will remain live depending on your settings, for up to 5 days.
TonyWilson No worries, it's an interesting question so had to jump on it. Out of curiosity, have your org. configured persistent browser session and/or sign-in frequency using CA? Let me know the outcome of your testing if you have the time for it, thanks.
- ChristianJBergstrom It requested to sign-in again after 8-9 days.
I used the file explorer daily for SharePoint and left OneDrive untouched.
On the 8th (or 9th) day, the file explorer connection to SharePoint was not happening (same with OneDrive)
So using it daily is not renewing the connection. I am just doing the same test again to verify if it is 8 or 9 full days (will try to access it an hour before and an hour after the 8th day anniversary.Is there any solution?
I found out that there are 2 cookies created in IE (not EDGE) the timeout is around 5 days. You cannot view the cookies, while cookies are now stored in a DAT file.
Maybe the cookies can be updated trough a script, every time the user logs on
We only have one policy, just forcing MFA to all users, excluding our internal IPs
No other condition is selected in that policyBesides that, we followed the documentation and added with powershell "Set-SPOTenant -UsePersistentCookiesForExplorerView $true" and then configured couple of local machines via the registry to have the view in file explorer dropdown in edge (verified that it was accepted in edge/policy)
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge\ConfigureViewInFileExplorer]
"1"="{ \"cookies\": [ \"rtFa\", \"FedAuth\" ], \"domain\": \"(TENANT).sharepoint.com\" }"
"2"="{ \"cookies\": [ \"rtFa\", \"FedAuth\" ], \"domain\": \"(TENANT)-my.sharepoint.com\" }"- Youโre on AD FS but not 2016? (see table)
https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/ad-fs-single-sign-on-settingsWin AD 2016 and Azure (P1) AD Connect with User Sign-in Seamless sso enabled
So AD FS 2016 with PSSO enabled and testing on a registered device.
...which probably had more than 14 days not accessing SharePoint from file explorer, that could have killed the cookie.
Very interesting link and something to study tomorrow with the team ๐ I will test the 14 days now window (accessing with File Explorer those document libraries daily but leaving the OneDrive one alone for two weeks)
I now have better understanding of the view in File explorer vs OneDrive sync, where the latter is an app doing constant syncing and authentication (when it is working, lol), while the view in File explorer relies on cookies and FS to keep the link live, which at some point, sooner or later, it will have to be manually re-activated.
It was designed as an alternative view while you are in SharePoint anyway, not a permanent tool for file explorer ๐
Thanks for pointing me to the right direction ChristianJBergstrom ๐
