Stateless Login Handler Stickiness
Christopher Bongaarts
cab at umn.edu
Wed Feb 6 16:11:52 EST 2013
On 2/6/2013 3:09 PM, Nate Klingenstein wrote:
> Users,
>
> If an IdP uses a stateless login handler like the one developed by OSU, is there a need for any session stickiness at all?
>
> Specifically, it's my understanding that the login/response generation process as a whole requires server-side statefulness(destination SP, etc. persisted in the IdP session) even if the login handler manages authentication state using a client-side state persistence mechanism like cookies. Is that right, making ~5 minute session stickiness a requirement even in this case?
Typically yes (specifically, the login context is stored locally, not in
the cookie; the session data is in the cookie).
--
%% Christopher A. Bongaarts %% cab at umn.edu %%
%% OIT - Identity Management %% http://umn.edu/~cab %%
%% University of Minnesota %% +1 (612) 625-1809 %%
More information about the users
mailing list