shibboleth-dev - RE: [Shib-Dev] sessionid, previous session, assertions - web gardens, web farms, concurrent sessionstate locking....
Subject: Shibboleth Developers
List archive
RE: [Shib-Dev] sessionid, previous session, assertions - web gardens, web farms, concurrent sessionstate locking....
Chronological Thread
- From: "Scott Cantor" <>
- To: <>
- Subject: RE: [Shib-Dev] sessionid, previous session, assertions - web gardens, web farms, concurrent sessionstate locking....
- Date: Sat, 9 May 2009 14:51:38 -0400
- Organization: The Ohio State University
Peter Williams wrote on 2009-05-09:
> is there a mental model one should have to understand the intent of the
SHIB
> IDP, in respect of when SAML2 sessionid values in the assertion change, if
> sessionid changes are affected (or not ) by use of previousSession
> AuthContext, if sessionid is tied to local cookies on the IDP, if
sessionid
> is a function of browser instances (cnrl-N, etc) or SSL Sessionids, or if
> sessionid vary each assertion (or each assertion group) in a response?
How about the code?
Session session =
getUserSession(requestContext.getInboundMessageTransport());
if (session != null) {
statement.setSessionIndex(session.getSessionID());
}
Seems clear to me (allowing that one understands the implementation of the
session manager used, which in this case is cookie-based.
-- Scott
- sessionid, previous session, assertions - web gardens, web farms, concurrent sessionstate locking...., Peter Williams, 05/09/2009
- Re: [Shib-Dev] sessionid, previous session, assertions - web gardens, web farms, concurrent sessionstate locking...., Peter Schober, 05/09/2009
- RE: [Shib-Dev] sessionid, previous session, assertions - web gardens, web farms, concurrent sessionstate locking...., Scott Cantor, 05/09/2009
Archive powered by MHonArc 2.6.16.