IdP session and consistentAddress

Cantor, Scott cantor.2 at
Sat Apr 2 20:31:15 EDT 2016

> 	Does the IdP maintain two sessions for two diffrent IPs adresses ?
> Does it invalidate the first one ?

It doesn't invalidate the first one but in the normal case that it's not a deliberate attack, the client's session cookie will be updated with a new session ID so the original one is orphaned.

> Is there any arguments against turning idp.session.consistentAddress off ?

NAT and the like.

-- Scott

More information about the users mailing list