lazy sessions and .htaccess

[Cantor, Scott]

On 12/18/19, 9:42 AM, "users on behalf of Bill Tantzen" <users-bounces at shibboleth.net on behalf of tantz001 at umn.edu> wrote:

> I am also curious about what lazy sessions actually do

The self-invented term simply refers to content that does not require a session but consumes data from one if it exists so the SP has to know to process the requests in a different way than an active content rule. It cannot do anything useful unless something else causes the user to be logged in when that's necessary, and the use of them is tied into the nature of the application/content and how it's integrated with the SP.

> my application seems to work fine without them!  What is the upside to using them when they seem to do nothing!

They simply ensure the SP will process and attach user data to requests for the content when a session exists and ignore the requests if no session exists.

As Peter said, using them with no application doing explicit redirects to cause a login and/or no "active" session rules in place for some related content by definition means the SP is never actually used and should just be removed.

-- Scott