Q: Session timeout?

[mikeapp]

Story

We should decide on the length of an active login session for DCS. Secondarily we should check the settings in Cognito for the valid duration of the security tokens.

Acceptance

• [x] Did we set a session timeout or are we relying on default values?
• [ ] Check the security token validity duration in Cognito

[K8Sewell]

For Management - session timeout set to 30 minutes with this PR For Blacklight - session timeout set to 12 hours with this PR

[K8Sewell]

I do not have access to the Cognito set up in AWS so will likely need help from Jason Wu @jasonwuyale to investigate the current configuration. During my research I found that the default timeout is 1 hour, it can be set anywhere between 5 minutes and 1 day, and that the configuration is customizable.

References:

• https://repost.aws/questions/QU2xcFEBfGQi-eqkaimArnEg/cognito-custom-auth-session-duration
• https://stackoverflow.com/questions/42712872/how-to-modify-expiry-time-of-the-access-and-identity-tokens-for-aws-cognito-user
• https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-authentication-flow.html
• https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-using-tokens-with-identity-providers.html