Home Forums CA Single Sign-On [RESOLVED] How PS validates the SMSESSION cookie which is created by another PS? Reply To: [RESOLVED] How PS validates the SMSESSION cookie which is created by another PS?

#478

ujwols
Keymaster

Hi Dhilip,

It doesn’t matter which policy server validates the session.
Here are few validation that it does during this :

1. Ensures that both Session ID and Specs are NOT empty.
2. Decrypts Session Specs.
3. Checks if session is persistent or not.
4. If persistent session, check if the session exist in the session store.
5. Checks if the Session ID match
6. Checks if the Client IP address match.
7. Validates Max and Idle Time out
8. Vaidates if the User Name match.

Does that clarify your question ?

Regards,
Ujwol