Stateless Login Handler Stickiness
cantor.2 at osu.edu
Wed Feb 6 16:16:10 EST 2013
> If an IdP uses a stateless login handler like the one developed by OSU, is
> there a need for any session stickiness at all?
> Specifically, it's my understanding that the login/response generation
> process as a whole requires server-side statefulness(destination SP, etc.
> persisted in the IdP session) even if the login handler manages
> authentication state using a client-side state persistence mechanism like
> cookies. Is that right, making ~5 minute session stickiness a requirement
> even in this case?
Absolutely. That's not changing, we explicitly ruled out trying to avoid that requirement for V3. The conversation state is going to be server side.
More information about the users