SMSESSION cookie has expired and will not be used to authenticate
search cancel

SMSESSION cookie has expired and will not be used to authenticate

book

Article ID: 54568

calendar_today

Updated On: 10-16-2023

Products

SITEMINDER

Issue/Introduction

How to solve the "SMSESSION cookie has expired and will not be used to authenticate." problem?

Environment

Release: All
Component: Web agent

Resolution

Solution:

This error means the SMSESSION cookie has expired. SMSESSION cookie expired could be:

  1. The user has reached the maximum idle timeout configured for a protected realm.
    You can create a response using the 'Web Agent-OnAuthAccept-Session-Idle-Timeout' response attribute to override this.
  2. The user has reached the maximum realm timeout configured for a protected realm.
    You can create a response using the 'WebAgent-OnAuthAccept-Session-Max-Timeout' response attribute to override the maximum timeout value.
  3. The time on the web agent and policy server is not in sync.
    By default, the Policy Server and Web Agent calculate time relative to Greenwich Mean Time (GMT). Therefore, for each system that has a Policy Server or Web Agent installed, the system clock must be set for the time zone appropriate to that system's geographical location.
  4. If you flush all cache at the Policy server Admin UI, users who already authenticated may get this error or SMSESSION will be invalidated.
Powered by Wolken Software