Thank you for your reply, please allow me to describe in point form:
a. about persistent cookies
I am referring to session vs persistent cookie, as described in this link:
basically session cookies get discarded when browser is closed.
b. Issue that we are facing
On gluu saml server version 2.4.4, user login to our site via saml (gluu server), when browser is closed and launched again to access our site, user login is required
now we upgraded to gluu version 3.1.1, user login to our site via saml (gluu server), when browser is closed and launched again to access our site, user login is granted by the gluu server automatically (without the need for user to enter password)
we would like to retain the behavior of gluu saml server 2.4.4, because user sometime simply close the browser instead of doing a proper logout, and our site contain sensitive information.
Thanks and appreciate your time and help, cheers.