Migrating from non-persistent to persistent sessions
search cancel

Migrating from non-persistent to persistent sessions

book

Article ID: 260942

calendar_today

Updated On:

Products

SITEMINDER

Issue/Introduction

Customer wants to convert all their existing realms from non-persistent to persistent, but has concerns about preserving single sign-on during the migration as well as the migration effort.

Environment

Release : All

Resolution

Migrating to persistent sessions (persistent realms) will not disturb single sign on; users can seamlessly navigate between persistent and non-persistent realms.  If a user starts with a non-persistent session, it will be converted to persistent as soon as the user requests a protected resource from a persistent realm.  Once a user session is marked persistent, it remains persistent for the rest of that session.

To update a large number of realms to make them persistent, it's best to create a custom program with the SDK.  The only out of the box option is to use the AdminUI to update each realm individually.

Additional Information

Persistent sessions should not be confused with persistent cookies.  Session persistence is a realm property and affects whether the user's session is stored centrally in the Session Store.  Non-persistent sessions are not stored centrally which tends to be more efficient when the security features provided by persistent sessions are not needed.  Non-persistent sessions live only in the session cookie.

Persistent cookies are entirely independent of session persistence.  Persistent cookies are written to disk on the client computer and expire 7 days after the configured maximum session timeout that is set during authentication.  Non-persistent cookies (transient cookies) are used by default and are destroyed when the browser session ends.