IdP's Session Cookie
paul.hethmon at clareitysecurity.com
Thu Nov 1 09:14:34 EDT 2012
I'm pretty sure that session cookie is set regardless of the
PreviousSession handler being there or not. Even if session time is set to
0, I think it gets set. It's just immediately invalid.
On 10/31/12 11:36 PM, "Michael A Grady" <mgrady at unicon.net> wrote:
>If the PreviousSession handler is "turned off" (commented out in
>handler.xml), is there ever a time when an IdP session cookie
>(_idp_session) would still get written to the user's browser for any
>Michael A. Grady
>Senior IAM Consultant, Unicon, Inc.
>To unsubscribe from this list send an email to
>users-unsubscribe at shibboleth.net
More information about the users