_opensaml_req cookies
Jan Vilhuber
JVilhuber at absolute.com
Fri Jun 18 12:29:27 UTC 2021
I noticed recently that my browser (which I never close) is sending 20 (I found the limit of 20 hardcoded in cpp-sp) of the _opensaml_req cookies with requests to my shib-3.1.0 SP (and really any later requests that flow through that same gateway).
I noticed when I log in (from the Shibbolet.sso/POST API), the SP sends me back one such as this:
{
"_opensaml_req_ss:mc:72c1dde4746e3da50fdef4d9c46681853e205fb3fe085ee779cfe7ae6e567bbf": {
"expires": "2001-01-01T00:00:00.000Z",
"httpOnly": true,
"path": "/",
"samesite": "None",
"secure": true,
"value": ""
}
}
Since these are session cookies and the lifetime isn’t set, I think it makes sense that they never go away (since I never close my browser). Is that correct?
Would the ‘cookieLifetime’ (https://wiki.shibboleth.net/confluence/display/SP3/Sessions) affect these cookies and make them eventually expire and go away? Or does that only affect the _shibsession and possibly relay-state cookies?
What are these used for? I don’t use a shibboleth IDP, FWIW.
Regards,
Jan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20210618/8f43adec/attachment.htm>
More information about the users
mailing list