JSESSIONID issues, Stale Session. (SameSite issue?)

Etan Weintraub eweintra at jhmi.edu
Thu Jan 20 18:12:49 UTC 2022

We have those set in idp.properties:
idp.cookie.sameSite = None
idp.cookie.sameSiteCondition = shibboleth.Conditions.TRUE

We are still seeing the issue though, mostly with Firefox, which we also seem 
to have significant users with, but also with Edge and Chrome.

-Etan E. Weintraub
IT Architect
Enterprise Authentication & Cloud Workspace
IT at Johns Hopkins
Johns Hopkins at Mt. Washington
5801 Smith Ave.
Davis Building Suite 3110B
Baltimore, MD 21209
E-mail: eweintra at jhmi.edu
Pronouns: he, him, his

-----Original Message-----
From: Cantor, Scott <cantor.2 at osu.edu>
Sent: Thursday, January 20, 2022 12:43 PM
To: Shib Users <users at shibboleth.net>
Cc: Etan Weintraub <eweintra at jhmi.edu>
Subject: Re: JSESSIONID issues, Stale Session. (SameSite issue?)

      External Email - Use Caution

> Scott- Is there a way for us to fix this on our side, or are we just
>    completely hosed and need to not use SAML Proxy Auth?

Personally, I think you should ban Chrome, but more seriously, we provided the 
SameSite features we can provide in 4.0.  Whether you care enough to avoid 
breaking old Macs is really more the issue.

-- Scott

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6666 bytes
Desc: not available
URL: <http://shibboleth.net/pipermail/users/attachments/20220120/9a4c6c77/attachment.p7s>

More information about the users mailing list