Session initiation cookie flood
cantor.2 at osu.edu
Thu Sep 8 13:21:58 UTC 2022
> Isn't the session cookie starting with _shibsession* ?
"Session" meaning for the browser session, as in not persistent.
> Right now I am counting 66 _opensaml_req* cookies.
They get pruned during response handling, not requests, that's probably why. I'll probably reverse that when it's rewritten into Java, but for now it is what it is.
> Is there a way to set an expiration time?
More information about the users