You may use either a shared secret or the plone.keyring ring of five secrets (shared with the plone.protect CSRF protection framework.)

The following properties may be set through the Properties tab:

Cookie validity timeout (in seconds): After this, the session is invalid and the user must login again. Set to 0 for the cookie to remain valid indefinitely. Note that when the user folder has caching enabled, cookie validity may not be checked on every request.
Use mod_auth_tkt compatible hashing algorithm: Compatibility with other implemenations, but at the cost of using a weaker hashing algorithm.
Cookie name: Which cookie to use. This must also be set on the `credentials_cookie_auth`` plugin.
Cookie lifetime (in days): This makes the cookie persistent across opening and closing the browser.
Cookie domain: A cookie may be shared across www1.example.com and www2.example.com by setting the cookie domain to ``.example.com``. (blank for the user's current domain)
Cookie path: What path the cookie is set valid (defaults to ``/``.)

Shared secret (enabled)

To enable logins between sites or other mod_auth_tkt systems, set the shared secret.

plone.keyring secrets (enabled)

This implementation uses a ring of five secrets: one of them is used to generate new session identifiters, the others are older signing secrets which are still considerd to be valid.

Invalidate all session identifiers

By clicking the button below you clear all secrets used to validate sessions. This will immediately log out all users who use session authentication and require them to log in again.

Create a new (signing) secret

By clicking the button below a new signing secret will be created and added to the ring. This will remove the oldest secret from the ring if there already were five secrets present.

PAGE HEADER

PAGE HEADER

Session identifier management

Shared secret (enabled)

plone.keyring secrets (enabled)

Invalidate all session identifiers

Create a new (signing) secret

PAGE FOOTER