JSESSIONID issues, Stale Session. (SameSite issue?)

Cantor, Scott cantor.2 at osu.edu
Thu Jan 20 16:49:35 UTC 2022

The SameSite page contains this text that needs to be more prominent:

"It is also likely that SAML proxying will be affected by this issue, because the POST back to the IdP from the proxied IdP will omit the necessary cookies to resume the flow, resulting in the "stale request" message."

It's not "likely", it's fact. The IdP will not function unless the original JSESSIONID is delivered back with the SAML POST intact.

-- Scott
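
A model of the browser-side decision behind the omitted cookie, as an added example that is not part of the original message or the IdP's own code. It assumes the current browser default of treating a cookie with no SameSite attribute as Lax and ignores any temporary browser allowances for recently set cookies; the Set-Cookie values are constructed.

```python
# Added illustration: would a browser attach the session cookie to the
# cross-site SAML POST that returns to the IdP? Sample headers are constructed.
from http.cookies import SimpleCookie


def parse_set_cookie(header: str) -> dict:
    """Extract name, SameSite mode and Secure flag from one Set-Cookie value."""
    jar = SimpleCookie()
    jar.load(header)
    name, morsel = next(iter(jar.items()))
    samesite = (morsel["samesite"] or "").strip().lower()
    # Assumption: a missing or unrecognised SameSite value is treated as Lax.
    if samesite not in ("strict", "lax", "none"):
        samesite = "lax"
    return {"name": name, "samesite": samesite, "secure": bool(morsel["secure"])}


def sent_on_navigation(cookie: dict, cross_site: bool, method: str,
                       https: bool = True) -> bool:
    """Decide whether the cookie accompanies a top-level navigation request."""
    if cookie["samesite"] == "none" and not cookie["secure"]:
        return False  # browsers reject SameSite=None without Secure
    if cookie["secure"] and not https:
        return False
    if not cross_site:
        return True
    if cookie["samesite"] == "none":
        return True
    if cookie["samesite"] == "lax":
        # Lax permits cross-site top-level navigation only with safe methods.
        return method.upper() in ("GET", "HEAD")
    return False  # strict: never sent on cross-site requests


def survives_saml_post(set_cookie_header: str) -> bool:
    """True if the cookie would come back with a cross-site SAML POST."""
    return sent_on_navigation(parse_set_cookie(set_cookie_header),
                              cross_site=True, method="POST")


if __name__ == "__main__":
    samples = [  # constructed Set-Cookie values
        "JSESSIONID=node0abc; Path=/idp; Secure; HttpOnly",
        "JSESSIONID=node0abc; Path=/idp; Secure; HttpOnly; SameSite=Lax",
        "JSESSIONID=node0abc; Path=/idp; HttpOnly; SameSite=None",
        "JSESSIONID=node0abc; Path=/idp; Secure; HttpOnly; SameSite=None",
    ]
    for header in samples:
        verdict = "sent" if survives_saml_post(header) else "omitted (stale request)"
        print(f"{verdict:26} {header}")
```

Only the last sample reaches the IdP with the POST; the same Lax cookie would still be sent on a cross-site GET, which is why the failure shows up specifically on the POST back from the proxied IdP.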
