Destroying IdP sessions with client-side session storage
cantor.2 at osu.edu
Tue Oct 22 09:45:46 EDT 2019
On 10/22/19, 9:40 AM, "users on behalf of Wessel, Keith" <users-bounces at shibboleth.net on behalf of kwessel at illinois.edu> wrote:
> No HTMLLocal storage for the IdP, just client-side cookies. And yes to enforcing client address consistency. So, with
> that said, does the IdP check anything beyond the contents of the cookie for session validity?
Nothing I can think of.
More information about the users