SMSESSION cookie has expired and will not be used to authenticate
Article ID: 54568
How to solve the "SMSESSION cookie has expired and will not be used to authenticate." problem?
Release: All Component: Web agent
This error means the SMSESSION cookie has expired. SMSESSION cookie expired could be:
The user has reached the maximum idle timeout configured for a protected realm. You can create a response using the 'Web Agent-OnAuthAccept-Session-Idle-Timeout' response attribute to override this.
The user has reached the maximum realm timeout configured for a protected realm. You can create a response using the 'WebAgent-OnAuthAccept-Session-Max-Timeout' response attribute to override the maximum timeout value.
The time on the web agent and policy server is not in sync. By default, the Policy Server and Web Agent calculate time relative to Greenwich Mean Time (GMT). Therefore, for each system that has a Policy Server or Web Agent installed, the system clock must be set for the time zone appropriate to that system's geographical location.
If you flush all cache at the Policy server Admin UI, users who already authenticated may get this error or SMSESSION will be invalidated.