FIX: Sliding expiration for authentication cookie isn't working and fails to redirect to logon page in SSRS 2016 and 2017

Applies to: SQL Server 2016 DeveloperSQL Server 2016 EnterpriseSQL Server 2016 Enterprise Core


Assume that you have enabled the sliding expiration property and set an appropriate time-out interval in Microsoft SQL Server 2016 and 2017 Reporting Services (SSRS) web portal. After the time-out value for the authentication cookie expires, the web portal does not automatically redirect to the logon page. Additionally, you may notice that the web portal is stuck in spinning after the time-out value.

This problem occurs because sliding expiration resets the expiration time for a valid authentication cookie if a request is made, and more than half of the time-out interval has elapsed. If the cookie expires, the user must re-authenticate.


This issue is fixed in the following cumulative updates for SQL Server:

       Cumulative Update 4 for SQL Server 2017 

       Cumulative Update 6 for SQL Server 2016 SP1


Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.


Learn about the terminology that Microsoft uses to describe software updates.