Our web app users occasionally get redirected to out SiteMinder cookie provider. There is no discernible pattern at this point as to why they are being redirected. We see the error message "Unable to decode SMSESSION cookie" in the web agent trace log. I have attached an anonymized snippet of the log with this error message. This is a particular issue for our application, which is a single page JS app, since most traffic is XMLHttpRequest traffic and we get a CORS error when the redirection happens because the cookie provider is in a different domain than our application. To get around the CORS issue, we rely on the initial HTTP GET request that loads the app to go through the process of obtaining a cookie and all XMLHttpRquests subsequent to that initial request should have a valid SMSESSION, however, users occasionally get redirected before the session should have expired and we are trying to determine the cause. We are also looking for ways to allow the XMLHttpRequests to obtain a new SMSESSION without encountering a CORS error. One though is to proxy to the cookie provider though our Apache agents. Wondering if this is a practical approach?