Session initiation cookie flood

Thu Sep 8 13:21:58 UTC 2022

>    Isn't the session cookie starting with _shibsession* ? 

"Session" meaning for the browser session, as in not persistent.

>    Right now I am counting 66 _opensaml_req* cookies.

They get pruned during response handling, not requests, that's probably why. I'll probably reverse that when it's rewritten into Java, but for now it is what it is.

>    Is there a way to set an expiration time?

No.

-- Scott