User induced session stomping?

Chad La Joie lajoie at
Mon Aug 27 12:04:01 EDT 2012

The SSO login handlers have code that looks for these types of
conditions, and I believe the OP condition is checked for.  I don't
recall if it gives a specific exception that you could catch or if it
just logs differently.

On Mon, Aug 27, 2012 at 9:00 AM, Cantor, Scott <cantor.2 at> wrote:
> On 8/27/12 11:58 AM, "Chad La Joie" <lajoie at> wrote:
>>In theory, I think so.  I don't believe the IdP does do that, however.
>> In the case you noted you'll have one login context with a completed
>>authentication recorded.  In the case of the OP, you end up with
>>multiple login contexts none of which has completed.
> Yeah, I didn't think the IdP today did, just wondering if it was possible
> with the brute force error message testing I do. Mostly I wondered how
> Kevin knew that *that* was that cause of the error his users saw.
> -- Scott
> --
> To unsubscribe from this list send an email to users-unsubscribe at

Chad La Joie
trusted identities, delivered

More information about the users mailing list