The error messages are generally part of the normal operation of
Siteminder. They occur when a user's request presents a SMSESSION
cookie that has expired through an Idle timeout.
These are part of the normal operation of Web Agents, they occur when
users present a SMSESSION cookie that is not current, usually because
their sessions have expired.
As users access Siteminder-protected resources, they are directed to
log on and then get a SMSESSION cookie. However, after accessing the
initial resource and performing the protected task, many users will
then drift to other websites or perhaps leave their web browser
active, but idle for some time.
When the user, after this period of "inactivity" then accesses the
protected website, if they have not visited it within the time that
exceeds the IDLE timeout of the SMSESSION cookie then the Web Agent
will record the failed timestamp with the message "Warning: UNABLE TO
PROCESS SMSESSION" and re-direct the user to the authentication
scheme, usually the login page.
There will therefore be a number of these warnings seen in any
Webagent log and they are not a cause for alarm. In a webserver
environment with many active users and a short realm timeout, the
warning will occur more frequently.
Setting either a smaller or larger idle timeout for the protected
realm will influence the number of occurrences of this warning. An
analysis of the number of these warnings per hour will give a clue of
how many users are getting caught and having to re-logon.
Note:
This warning was not displayed in the SM5.x agents, and has caused
concern after upgrading from SM5.X agents, to SM6.X agents.
The warning is clearer in latter SM6 SP5 Agent CR releases where it
now has an updated message that indicates that the SMSESSION was
invalid due to a timeout
There are some other conditions under which the SMSESSION warning is
given, and if you have a situation where users are unable to access
the resource, and every request is received a "Warning: UNABLE TO
PROCESS SMSESSION" then you need to look for other causes, such as a
timing difference in the webservers or miscommunication between the
webagent and the policy server about the correct session decryption
keys.