idp.session.consistentAddress and real security implications.
cantor.2 at osu.edu
Wed Apr 27 13:41:07 EDT 2016
On 4/27/16, 1:30 PM, "users on behalf of Jeffrey Crawford" <users-bounces at shibboleth.net on behalf of jeffreyc at ucsc.edu> wrote:
>Can you elaborate on "stored data is on the server"? would this be "idp.session.StorageService = shibboleth.StorageService"
I'm speaking generally of any storage plugin that stores the data on the server.
>Would this be the case if server being set to "idp.session.StorageService = shibboleth.ClientSessionStorageService"
That stores the data in a separate cookie or in local storage depending on other settings. All of that is decently documented now.
More information about the users