Shibboleth Developers

[Tom Scavo <>]

On Mon, 15 Nov 2004 18:56:21 -0500, Tom Scavo 
<>
 wrote:
> On Mon, 15 Nov 2004 18:14:10 -0500, Scott Cantor 
> <>
>  wrote:
> 
> 
> > >
> > > - More importantly, when the user requests
> > >
> > >  https://wayf.internet2.edu/InQueue/WAYF
> > >
> > > all cookies named _shib_idp are likewise sent along with the request
> > > (since each of the virtual directories is in the appropriate subtree).
> >
> > Umm...don't think so. Maybe I'm wrong, but I thought if you left the path
> > off for those cookies, you ended up constraining them to that subtree 
> > only,
> > in which case they won't be sent to the root path alone. Otherwise, you're
> > implying they are global to the tree, but then the names would collide...
> >
> > Am I confused?
> 
> One of us is, slightly. :-)

And that someone is me...I think I have it backwards, requests to the
subdirectories can see _shib_idp_history but not vice versa.  Oh well,
back to the drawing board...

> The paths for the various _shib_idp cookies are
> 
>  /InQueue/WAYF/sp1.edu
>  /InQueue/WAYF/sp2.edu
>  etc.
> 
> which make them distinct from one another.  The path for _shib_idp_history 
> is
> 
>  /InQueue/WAYF
> 
> A request for /InQueue/WAYF returns ALL cookies, one instance of
> _shib_idp_history and multiple instances of _shib_idp since each path
> is in the appropriate subtree.  That's the beauty of the "extra path"
> approach.
> 
> Cheers,
> Tom
>