What information is present in the SMSESSIONSPEC in the SMSESSION cookie.

book

Article ID: 50532

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) AXIOMATICS POLICY SERVER CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On

Issue/Introduction

Solution:

The SMSESSIONSPEC is an encrypted ticket that contains information related to the user session.

If the session is validated from the Policy Server then session spec will change and the SMSESSION cookie will be changed as well, but in case "SessionGracePeriod" expires, session cookie will be re-computed as per the new key received but the session spec remains the same.

Only the Policy Server knows how to decode the information in the SMSESSIONSPEC.

The data the SMSESSIONSPEC contains are those listed below:

  • SessionVersion
  • SessionStartTime
  • SessionLastTime
  • SessionMaxTimeout
  • SessionIdleTimeout
  • SessionLevel
  • SessionId
  • SessionIp
  • SessionDn
  • SessionDirOid
  • SessionDirName
  • SessionUnivId
  • SessionType
  • SessionAnonymous
  • SessionImpersonatorName
  • SessionLoginName
  • SessionPersistent
  • SessionDrift
  • SessionImpersonatorDirName
  • SessionAuthContext

Environment

Release:
Component: SMPLC