JSESSIONID issues, Stale Session. (SameSite issue?)
Tony Skalski
ajs at stolaf.edu
Thu Jan 20 17:55:15 UTC 2022
> We just started having the issue appear significantly yesterday
Same here. We have seen it occasionally since our upgrade to 4 and switch
to a SAML proxy (last summer), but it seems to have gotten worse in the
past few days.
On Thu, Jan 20, 2022 at 11:32 AM Etan Weintraub via users <
users at shibboleth.net> wrote:
> We just started having the issue appear significantly yesterday, and have
> been trying to track down what the cause is or how we can fix it, and we
> literally just identified it as a jsessionID issue about an hour ago.
>
> Scott- Is there a way for us to fix this on our side, or are we just
> completely hosed and need to not use SAML Proxy Auth?
>
> -Etan E. Weintraub
> IT Architect
> Enterprise Authentication & Cloud Workspace
> IT at Johns Hopkins
> Johns Hopkins at Mt. Washington
> 5801 Smith Ave.
> Davis Building Suite 3110B
> Baltimore, MD 21209
> E-mail: eweintra at jhmi.edu
> Pronouns: he, him, his
>
>
>
>
> -----Original Message-----
> From: users <users-bounces at shibboleth.net> On Behalf Of Cantor, Scott
> Sent: Thursday, January 20, 2022 11:50 AM
> To: Shib Users <users at shibboleth.net>
> Subject: Re: JSESSIONID issues, Stale Session. (SameSite issue?)
>
> The SameSite page contains this text that needs to be more prominent:
>
> "It is also likely that SAML proxying will be affected by this issue,
> because the POST back to the IdP from the proxied IdP will omit the
> necessary cookies to resume the flow, resulting in the "stale request"
> message."
>
> It's not "likely", it's fact. The IdP will not function unless the original
> JSESSIONID is delivered back with the SAML POST intact.
>
> -- Scott
>
>
> --
> For Consortium Member technical support, see
> https://shibboleth.atlassian.net/wiki/x/ZYEpPw
> To unsubscribe from this list send an email to
> users-unsubscribe at shibboleth.net
--
*Tony Skalski (he/him/his)*
System Administrator | IT
Office: 507-786-3227 <(507)786-3227>
1510 St. Olaf Avenue Northfield, MN 55057
stolaf.edu
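
The cookie behaviour discussed in this thread, as an added example that is not from any poster or from the Shibboleth project: a simplified model of Chrome-style SameSite defaults that reports whether a JSESSIONID would accompany the SAML POST back to the IdP. A "NOT sent" result is the condition that produces the "stale request" message. The cookie values, the `/idp` path and the function names are constructed for illustration, and the 120-second allowance is Chrome's "Lax+POST" handling of cookies set without a SameSite attribute.

```python
# Simplified model (assumption): Chrome-style SameSite defaults applied to a
# top-level cross-site POST over HTTPS, e.g. the SAML response POSTed back to
# the IdP by the proxied IdP. Cookie values below are constructed.

LAX_POST_GRACE_SECONDS = 120  # "Lax+POST" allowance for cookies set with no SameSite


def parse_set_cookie(header):
    """Split a Set-Cookie header into (name, value, {lowercased attr: value})."""
    first, *rest = [part.strip() for part in header.split(";")]
    name, _, value = first.partition("=")
    attrs = {}
    for part in rest:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name, value, attrs


def sent_on_cross_site_post(set_cookie, age_seconds):
    """Return (sent, reason): does the cookie accompany the cross-site POST?"""
    _, _, attrs = parse_set_cookie(set_cookie)
    samesite = attrs.get("samesite", "").lower()
    if samesite == "none":
        if "secure" in attrs:
            return True, "SameSite=None; Secure is sent cross-site"
        return False, "SameSite=None without Secure is rejected by the browser"
    if samesite in ("lax", "strict"):
        return False, "explicit SameSite=%s is withheld on cross-site POST" % samesite
    # No (or unrecognised) SameSite attribute: treated as Lax by default,
    # except for a short window after the cookie was set.
    if age_seconds <= LAX_POST_GRACE_SECONDS:
        return True, "no SameSite, but cookie is still inside the Lax+POST window"
    return False, "no SameSite: defaults to Lax, withheld on cross-site POST"


if __name__ == "__main__":
    samples = [  # (constructed Set-Cookie header, seconds since it was set)
        ("JSESSIONID=0A1B2C; Path=/idp; Secure; HttpOnly", 30),
        ("JSESSIONID=0A1B2C; Path=/idp; Secure; HttpOnly", 600),
        ("JSESSIONID=0A1B2C; Path=/idp; Secure; HttpOnly; SameSite=None", 600),
        ("JSESSIONID=0A1B2C; Path=/idp; HttpOnly; SameSite=None", 30),
    ]
    for header, age in samples:
        sent, reason = sent_on_cross_site_post(header, age)
        print("%-62s age=%4ds -> %s (%s)" % (header, age, "sent" if sent else "NOT sent", reason))
```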