User induced session stomping?
Lukas Hämmerle
lukas.haemmerle at switch.ch
Tue Aug 28 08:40:28 EDT 2012
> I am seeing more of this (as well) during this fall startup than in the
> past. Maybe just a user thing. Users are trying to jump ahead of themselves
> and multi-task for some reason. :-)
One reason for this probably is that more and more browsers like Firefox
save the tabs/windows state upon quit. If a user is logged in on two or
more Shibboleth-protected web pages that have configured a default
Identity Provider and they quit their browser, this state might be saved.
So, if they restart the browser, the browser opens the URL to these
Shibboleth-protected web pages that then redirect the user to the
default IdP's login page.
Therefore, the user ends up with two or more open tabs showing the IdP
login page. But - due to the reason Chad mentioned - only one of the
tabs will actually work after authentication succeeded. The other tabs
will end up with a "no context found" error message.
Kind Regards
Lukas
--
SWITCH
Serving Swiss Universities
--------------------------
Lukas Hämmerle, Central Solutions
Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland
phone +41 44 268 15 05, direct +41 44 268 15 64
lukas.haemmerle at switch.ch, http://www.switch.ch
More information about the users
mailing list