Session destruction relative to loadbalancer setting?

Russell Beall beall at usc.edu
Thu Jan 3 18:55:38 EST 2013 

Has anyone had trouble with SP sessions being destroyed based on what type of loadbalancer persistence is used?

I'm trying to help a department where their SP works fine when Source IP persistence is used, but when they turn on "Active Cookie" persistence, the SP calls for the destruction of the session and then tries to generate a new one (resulting in looping).

The shibd.log debug message shows that it is purposefully destroying the relevant session...
2013-01-02 16:47:36 DEBUG Shibboleth.Listener [1]: dispatching message (remove::StorageService::SessionCache)
2013-01-02 16:47:36 INFO Shibboleth.SessionCache [1]: removed session (_d5f1c71d90b3eeaf7b2a1590d5f787f6)

When the Source IP persistence is used, the SP simply finds the session and updates the expiration:
2013-01-02 16:45:31 DEBUG Shibboleth.Listener [1]: dispatching message (find::StorageService::SessionCache)
2013-01-02 16:45:31 DEBUG XMLTooling.StorageService [1]: updated expiration of valid records in context (_b49b25c7d07355aba73ac389334b1861) to (1357177531)

More of the SP log from the Active Cookie mode is below.

Thanks for any help,
Russ.



2013-01-02 16:47:36 DEBUG Shibboleth.SessionCache [1]: creating new session
2013-01-02 16:47:36 DEBUG Shibboleth.SessionCache [1]: storing new session...
2013-01-02 16:47:36 DEBUG XMLTooling.StorageService [1]: inserted record (session) in context (_d5f1c71d90b3eeaf7b2a1590d5f787f6) with expiration (1357177656)
2013-01-02 16:47:36 DEBUG XMLTooling.StorageService [1]: inserted record (_698ec7da7ccccb47d13b728595f1bacb) in context (_d5f1c71d90b3eeaf7b2a1590d5f787f6) with expiration (1357177656)
2013-01-02 16:47:36 INFO Shibboleth.SessionCache [1]: new session created: ID (_d5f1c71d90b3eeaf7b2a1590d5f787f6) IdP (https://shibboleth.usc.edu/shibboleth-idp) Protocol(urn:oasis:names:tc:SAML:2.0:protocol) Address (128.125.144.9)
2013-01-02 16:47:36 DEBUG Shibboleth.SSO.SAML2 [1]: ACS returning via redirect to: https://esdlbtest.esd.usc.edu/dms/myusc/authen.aspx
2013-01-02 16:47:36 DEBUG Shibboleth.Listener [1]: dispatching message (find::StorageService::SessionCache)
2013-01-02 16:47:36 DEBUG XMLTooling.StorageService [1]: updated expiration of valid records in context (_d5f1c71d90b3eeaf7b2a1590d5f787f6) to (1357177656)
2013-01-02 16:47:36 DEBUG Shibboleth.Listener [1]: dispatching message (remove::StorageService::SessionCache)
2013-01-02 16:47:36 INFO Shibboleth.SessionCache [1]: removed session (_d5f1c71d90b3eeaf7b2a1590d5f787f6)
2013-01-02 16:47:36 DEBUG Shibboleth.Listener [1]: dispatching message (default/Login::run::SAML2SI)

More information about the users mailing list