SP Sessions across multiple user facing server tiers
Alexander F. French
Alexander.F.French at dartmouth.edu
Mon Feb 5 14:56:03 EST 2018
>I'll be somewhat more brief: for members I'll spend the time helping with stuff like
> this in depth, and for non-members I just won't anymore. That's what changed last
>November. I'll skim and answer briefly occasionally, but that's about it.
That's actually really helpful info- we're Internet2 members but not Consortium members. It looks like several of our peer institutions are Consortium members. Good info to have (for my own gratification, it won't make it into anyone else's brains...) when going through conversations that start like "hey, the Identity Management guys tell me I need to figure out switching away from commercial product X to open source solution Y..."
>Shouldn't (not that that really helps in the big picture), they should just be separate
> cookies, or I don't really understand what separation you implemented in SP terms.
>Perhaps you have two separate SPs both acting in isolation, but they're both
>operating via ApplicationDefaults. You could control the cookie name on each one to
> isolate them, or just switch to ApplicationOverrides to get different cookie names
> generated but either way it's not going to fix the underlying issue of two separate
> sessions and AJAX.
Separate SPs, no coordination via processes or database, both operating via ApplicationDefaults. ApplicationOverrides would not solve the underlying issue.
Basically, you're response was enough to increase my confidence that I'm not overlooking obvious I should be considering, which is very helpful.
More information about the users