search cancel

What is the non-persistent session validation flow?

book

Article ID: 253831

calendar_today

Updated On:

Products

SITEMINDER

Issue/Introduction

Please explain the flow of how the SMSESSION cookie is validated for a non-persistent session including the Agent cache.

 

Resolution

When the Agent receives the SMSESSION cookie, it extracts the Session ID and the Session Spec, and it checks them against the values stored in the User Session Cache.


If the Agent cache doesn’t contain corresponding entry, the Agent uses the Validate() call to pass the Session ID and the Session Spec to the Policy Server for validation.


If the validation succeeds, the Policy Server returns the updated Session Spec to the Agent. The Session ID is not modified in the course of validation.