Stateless Login Handler Stickiness

Nate Klingenstein ndk at
Wed Feb 6 16:09:05 EST 2013


If an IdP uses a stateless login handler like the one developed by OSU, is there a need for any session stickiness at all?

Specifically, it's my understanding that the login/response generation process as a whole requires server-side statefulness(destination SP, etc. persisted in the IdP session) even if the login handler manages authentication state using a client-side state persistence mechanism like cookies.  Is that right, making ~5 minute session stickiness a requirement even in this case?


More information about the users mailing list