Apache HTTP digest authentication does not expire with AuthDigestNonceLifetime directive

Any idea why this configuration in /etc/apache2/sites-available/000-default.conf does not expire after 15 seconds?

<Directory /var/www/html/somedirectory/>         AuthName 'test'          AuthType Digest         AuthDigestDomain /         AuthDigestProvider file         AuthUserFile /var/login/anotherdirectory/.htdigest         AuthDigestNonceLifetime 15          Require valid-user </Directory> 

Note that I put this configuration block outside of a virtualhost so it will apply for both HTTP and HTTPS ports. I am testing on an IP address and not a domain name. I don’t really see the point of AuthDigestDomain but I think setting it to / is fine, I saw it in some examples.

I am using Debian 9.9 with Apache 2.4.25-3+deb9u7.

Thanks.