Invalid Session Token

Article ID: 107119

Products

CA Single Sign On Secure Proxy Server (SiteMinder)
CA Single Sign On SOA Security Manager (SiteMinder)
CA Single Sign-On

Issue/Introduction

When SiteMinder tries to validate the SMSESSION cookie, the error below is logged and the user is unable to reach the application:

smtracedefault log:

[Sm_Az_Message.cpp:828][CSm_Az_Message::FormatAttribute][s9/r2][<agent name>][][][][Protected Resource][Production][][][][][][][][][][][][][Invalid session token][Send response attribute 158, data size is 21][][][][][]
[Sm_Az_Message.cpp:828][CSm_Az_Message::FormatAttribute][s9/r2][<agent name>][][][][Protected Resource][Production][][][][][][][][][][][][][][Send response attribute 146, data size is 0][][][][][]
[Sm_Az_Message.cpp:828][CSm_Az_Message::FormatAttribute][s9/r2][<agent name>][][][][Protected Resource][Production][][][][][][][][][][][][][][Send response attribute 147, data size is 0][][][][][]
[Sm_Az_Message.cpp:598][CSm_Az_Message::SendReply][s9/r2][<agent name>][][][][Protected Resource][Production][][][][][][][][][][][][][][** Status: Not Authorized. Invalid session token][][][][][]

Environment

All SSO versions

Resolution

1) Make sure the session store instance is running and the Policy Server is able to connect to it.
2) The session store should be enabled on all Policy Server instances.
3) If the session stores are replicated, the replication must be in real time. When a request is sent to another Policy Server and the session data has not been replicated, the user's access is denied.
4) It is also possible that a proxy or a load balancer is sending a cached SMSESSION cookie, which causes the session to be rejected because its session data is not found in the session store.
5) Ensure the system clocks of all Policy Servers are synchronized. If session data was created by one Policy Server at 1pm and another Policy Server's clock reads 3pm, that other Policy Server may find the session data to be expired and delete it, causing confusion. (Some NTP servers can cause the system time to intermittently go back and forth.)
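
To see which Policy Server instances are rejecting sessions before working through the steps above, the trace lines can be counted per server and agent. The following is an added example, not code from this article or from the product; the field positions are assumed from the sample lines above, and the server names (ps1, ps2), agent name and log lines are constructed.

```python
import re
from collections import Counter

# One bracketed field per match; fields in these trace lines do not nest.
FIELD = re.compile(r"\[([^\[\]]*)\]")
REJECT = "Not Authorized. Invalid session token"

def parse_trace_line(line):
    """Split a trace line into its bracketed fields (empty fields are kept)."""
    return FIELD.findall(line)

def invalid_session_rejections(lines):
    """Return one record per SendReply line that reports the rejection.

    Assumed layout, read off the article's sample lines (other trace
    configurations may order fields differently): field 0 = source file:line,
    1 = function, 2 = session/request tag, 3 = agent name,
    last non-empty field = message text.
    """
    hits = []
    for line in lines:
        fields = parse_trace_line(line)
        # Only the SendReply line is counted, so the FormatAttribute line that
        # also carries "Invalid session token" is not counted a second time.
        if len(fields) < 4 or not fields[1].endswith("::SendReply"):
            continue
        message = [f for f in fields if f][-1]
        if REJECT in message:
            hits.append({"tag": fields[2], "agent": fields[3], "message": message})
    return hits

def rejections_by_server(logs):
    """logs maps a Policy Server name to its trace lines; count per (server, agent)."""
    counts = Counter()
    for server, lines in logs.items():
        for hit in invalid_session_rejections(lines):
            counts[(server, hit["agent"])] += 1
    return counts

def _sample(func, tag, agent, reason, msg):
    # Constructed line mirroring the layout of the article's samples (line number 0 is a placeholder).
    head = f"[Sm_Az_Message.cpp:0][CSm_Az_Message::{func}][{tag}][{agent}]"
    return head + "[][][][Protected Resource][Production]" + "[]" * 12 + f"[{reason}][{msg}]" + "[]" * 5

SAMPLE_LOGS = {  # constructed input: trace lines collected from two hypothetical servers
    "ps1": [_sample("FormatAttribute", "s4/r1", "agent-a", "", "Send response attribute 146, data size is 0")],
    "ps2": [
        _sample("FormatAttribute", "s9/r2", "agent-a", "Invalid session token", "Send response attribute 158, data size is 21"),
        _sample("SendReply", "s9/r2", "agent-a", "", "** Status: Not Authorized. Invalid session token"),
        _sample("SendReply", "s11/r5", "agent-a", "", "** Status: Not Authorized. Invalid session token"),
    ],
}

if __name__ == "__main__":
    for (server, agent), n in sorted(rejections_by_server(SAMPLE_LOGS).items()):
        print(f"{server}\t{agent}\t{n}")
```

If the rejections come from only some instances, start with those instances' session store connection, replication state and system clock.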