1 of 1 people found this helpful
I use the same authentication setup. As far as I can tell, only the first TTL is what matters anyway when using this setup.
If the first authentication is set to 1 hour, and the user is in within that time, then the second request never happens anyway.
We have ours set to 8 hours. They authenticate once in the morning and that is it all day. So we only hit number 1 + 2 in the morning, and then never hit 2 again all day.
Jonathan is correct, Session TTL for the auth server is how long you will be authenticated for with the auth server. (How often your users would authenticate)
The second is to cache the group information, so if it is set to 60 minutes, this means it will look up X user's group information every 60 minutes. (How often to look up the user's group info)
Both do not need to match.