Log messages appear in the Web Agent traces log file stating
"Unable to decode SMSESSION cookie"
and the users are not able to navigate between 2 applications protected by Single Sign On without being prompted for authentication again.
For seamless navigation among protected resources, the agents protecting those resources must share the same Agent Keys, used to decrypt the SMSESSION cookie.
When seeing messages like "Unable to decode SMSESSION cookie" - first check if agent keys are in sync, and also if there might be multiple sets of keys in your SiteMinder Key Store.