_idp_session with idp

Rod Widdowson rdw at steadingsoftware.com
Mon Nov 12 06:24:59 EST 2012

That page is there entirely to help IdP deployers provide documentation to their users about cookie usage in jurisdictions which
require it.

I would strongly recommend *against* making any operational decisions or deployment (which seems to be behind your question) based
on the presence or absence or contents of these cookies, the precise details are liable to (which means they will) change at any
stage since this is not part of the fixed API which we guarantee..

If your interest is academic or you really want to pursue the options, the sources are freely available, further this is the sort of
question better asked in dev list.

> -----Original Message-----
> From: users-bounces at shibboleth.net [mailto:users-bounces at shibboleth.net] On Behalf Of MA Lanxin
> Sent: 12 November 2012 02:29
> To: Shib Users
> Subject: _idp_session with idp
> Hello,
> I have a questiona about session at IdP side.
> According to the page
> https://wiki.shibboleth.net/confluence/display/SHIB2/IdPCookieUsage
> Once a user has been authenticated they will have a long-lived session with the IdP which is tracked
> by a cookie named _idp_session. This cookie contains only information necessary for identifying the
> user's IdP session. This cookie is created a "session" cookie.
> My question is:
> Does the session(_idp_session) with IDP use tomcat session or http session?
> Can we see the seesionID? If yes, How can we get the session ID?
> Thanks a lot,
> REgards,
> Lanxin
> --
> To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net

More information about the users mailing list