secure_token_cookie_token_expires_time
Configures the expiration time for cookie tokens generated by the Secure Token module in NGINX.
Description
The secure_token_cookie_token_expires_time directive is instrumental in defining how long a cookie token remains valid once it is issued for content delivery, particularly when using CDN services like Akamai or CloudFront. This directive specifies the duration until the token expires, affecting the Expires and Cache-Control HTTP headers in responses. By customizing this expiration, administrators can control access to secured resources based on the token lifespan, enhancing security and managing cached content effectively.
When set, the value for this directive is usually specified in a time format, such as 10m for ten minutes or 1h for one hour. It is important that the time value is appropriate for the type of content being secured; for example, shorter durations may be better suited for dynamic content that knows frequent access updates, while longer durations might be used for static files. This flexibility enables NGINX users to tailor token behaviors to match specific workflow and security requirements.
This directive can be placed in http, server, or location contexts, allowing for granular control over different parts of an NGINX configuration. The absence of a default value means that if not specified, cookie tokens will not have a defined expiration, potentially leaving access unregulated until the session ends or the browser closes.
Config Example
http {
server {
secure_token_cookie_token_expires_time 30m;
location /content {
secure_token on;
}
}
}Ensure that the specified time does not exceed your security requirements, as a longer expiration time could leave resources vulnerable.
Remember to also configure related directives like secure_token_expires_time for overall consistency in token management.
Test different expiration times to avoid issues with cache and access control.