Why doesn’t the Relying Party honour IdentityServer’s `IdentityTokenLifetime` setting?
I set `IdentityTokenLifetime` (https://github.com/DuendeSoftware/IdentityServer/blob/e9860c6488f90e8fbc11a4452b9dd111dbfae933/src/Storage/Models/Client.cs#L187) to a very small value, 60 seconds, but after 60 seconds I (as the user) refreshed the page and I still remained signed in. Why is that? Shouldn’t I be prompted to enter my username and password again? My understanding is that `IdentityTokenLifetime` results in an “exp” with the matching value in the id token’s payload, and that this value is then used to set up the user-to-relyingParty cookie’s expiry time. So after 60 seconds the cookie should expire. Why, then, am I still able to remain signed in?