SP Sessions across multiple user facing server tiers

Cantor, Scott cantor.2 at osu.edu
Mon Feb 5 12:41:12 EST 2018

> I will be very verbose, and hopefully in that verbosity will be clear:

I'll be somewhat more brief: for members I'll spend the time helping with stuff like this in depth, and for non-members I just won't anymore. That's what changed last November. I'll skim and answer briefly occasionally, but that's about it.

> UNTIL- the user tries to connect to both the Foo tier and the Bar tier,
> particularly by connecting to the Foo tier and then in-browser talking to web
> services on the Bar tier.

In Shibboleth terms, separate Application overrides mean separate sessions and cookies, and that causes the extra redirect, which in non-full-frame cases will fall on its face certainly.

> And then
> the next connection to the Foo tier is also unsuccessful, because the browser
> lost its Shib session cookie when it failed to connect to the Bar tier.

Shouldn't (not that that really helps in the big picture), they should just be separate cookies, or I don't really understand what separation you implemented in SP terms. Perhaps you have two separate SPs both acting in isolation, but they're both operating via ApplicationDefaults. You could control the cookie name on each one to isolate them, or just switch to ApplicationOverrides to get different cookie names generated, but either way it's not going to fix the underlying issue of two separate sessions and AJAX.

-- Scott
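
The failure described in the reply above, seen from the browser side, as an added example that is not part of the original post or of the Shibboleth SP. It classifies what an in-browser web service call to a second tier with its own SP session gets back; the function names and the sample responses are hypothetical and constructed for illustration.

```javascript
// Added example. Function names and the sample responses are hypothetical/constructed.

// Classify what an in-browser call to a second SP-protected tier returned.
function classifyTierResponse(resp, expectedType = "application/json") {
  // fetch(url, {redirect: "manual"}) in a browser reports a redirect as an
  // opaque response: type "opaqueredirect", status 0, nothing readable.
  if (resp.type === "opaqueredirect") return "needs-session";
  // Runtimes that expose the 3xx status directly.
  if (resp.status >= 300 && resp.status < 400) return "needs-session";
  const ctype = (resp.headers && resp.headers.get("content-type")) || "";
  // A followed redirect, or a 200 that is not the expected media type
  // (for example an HTML login page), is not web-service data either.
  if (resp.redirected || (resp.ok && !ctype.startsWith(expectedType))) {
    return "needs-session";
  }
  if (resp.status === 401 || resp.status === 403) return "denied";
  return resp.ok ? "data" : "error";
}

// Wrapper for real calls: do not follow the redirect inside the AJAX request.
async function callTier(url, fetchImpl = fetch) {
  let resp;
  try {
    resp = await fetchImpl(url, { credentials: "include", redirect: "manual" });
  } catch (err) {
    return { state: "error", detail: String(err) }; // network or CORS failure
  }
  const state = classifyTierResponse(resp);
  return state === "data" ? { state, body: await resp.json() } : { state };
}

// Constructed response-like objects, so this runs offline.
const json = new Map([["content-type", "application/json"]]);
const html = new Map([["content-type", "text/html"]]);
const samples = {
  barNoSession: { type: "opaqueredirect", status: 0, ok: false },
  barLoginPage: { type: "basic", status: 200, ok: true, redirected: true, headers: html },
  barWithSession: { type: "basic", status: 200, ok: true, redirected: false, headers: json },
};
for (const [name, resp] of Object.entries(samples)) {
  console.log(name, "->", classifyTierResponse(resp));
}
```

A "needs-session" result only reports that the second tier has no session for this browser; renaming cookies does not change that outcome.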
