The SSO cookie is build by the portal (as described in the login kinematic), or by the Handler for cross domain authentication (see CDA kinematic).
To edit SSO cookie parameters, go in Manager, General Parameters > Cookies:
-  Cookie name: name of the cookie, can be changed to avoid conflicts with other LemonLDAP::NG installations 
-  Domain: validity domain for the cookie (the cookie will not be sent on other domains) 
- 
-  Secured cookie: 4 options: - 
-  Non secured cookie- : the cookie can be sent over  HTTP-  and HTTPS connections 
 
-  Secured cookie: the cookie can only be sent over HTTPS 
-  Double cookie- : two cookies are delivered, one for  HTTP-  and HTTPS connections, the other for HTTPS only 
 
-  Double cookie for single session: as same, two cookies are delivered, but only one session is written in session database 
 
-  Javascript protection: set httpOnly flag, to avoid cookie been caught by javascript code 
-  Cookie expiration time- : by default,  SSO-  cookie is a session cookie, which mean it will be destroyed when the browser is closed. You can change this behavior and set a cookie duration, for example: 
 - 
-  +30s: 30 seconds from session creation 
-  +10m: ten minutes from session creation 
-  +1h: one hour from session creation 
-  +3M: three months from session creation 
-  +10y: ten years from session creation 
-  Thursday, 25-Apr-1999 00:40:33 GMT:  at the indicated time and date (but this is probably a bad idea) 
 
When you change cookie expiration time, it is written on the user hard disk unlike session cookie
Changing the domain value will not update other configuration parameters, like virtual host names, portal 
URL, etc. You have to update them by yourself.