User induced session stomping?

Cantor, Scott cantor.2 at
Mon Aug 27 12:00:46 EDT 2012

On 8/27/12 11:58 AM, "Chad La Joie" <lajoie at> wrote:

>In theory, I think so.  I don't believe the IdP does do that, however.
> In the case you noted you'll have one login context with a completed
>authentication recorded.  In the case of the OP, you end up with
>multiple login contexts none of which has completed.

Yeah, I didn't think the IdP today did, just wondering if it was possible
with the brute force error message testing I do. Mostly I wondered how
Kevin knew that *that* was that cause of the error his users saw.

-- Scott

More information about the users mailing list