Stateless Login Handler Stickiness

Christopher Bongaarts cab at
Wed Feb 6 16:11:52 EST 2013

On 2/6/2013 3:09 PM, Nate Klingenstein wrote:
> Users,
> If an IdP uses a stateless login handler like the one developed by OSU, is there a need for any session stickiness at all?
> Specifically, it's my understanding that the login/response generation process as a whole requires server-side statefulness(destination SP, etc. persisted in the IdP session) even if the login handler manages authentication state using a client-side state persistence mechanism like cookies.  Is that right, making ~5 minute session stickiness a requirement even in this case?

Typically yes (specifically, the login context is stored locally, not in 
the cookie; the session data is in the cookie).

%%  Christopher A. Bongaarts   %%  cab at          %%
%%  OIT - Identity Management  %%  %%
%%  University of Minnesota    %%  +1 (612) 625-1809    %%

More information about the users mailing list