AnsweredAssumed Answered

2 SMSESSION cookies with request

Question asked by SamWalker on Feb 24, 2017
Latest reply on Mar 3, 2017 by Ujwol Shrestha


Some times(most times) when I authenticate to Policy server(tried IWA/Basic) , I get 2 SMSESSION cookies. I am not sure since when it started to happen but only realized this week as we tried to implement persisent sessions. For every authentication, there is a persistent session created in session store, which I can confirm by looking at the count. Session timeout is set to 90 days in SiteMinder resource realm. However , upon authentication when the cookies are set in my browser, I have 2 SMSESSION cookies, one of them has 'Expiry Date'(indicating that its a persistent cookie) , and the other SMSESSION has no 'Expiry' which means browser will discard it upon closing the browser. Upon subsequent HTTP transactions of the same request, browser keeps one of the 2 SMSESSIONs. If it chooses to keep the one with 'Expiry Date', then my session continues even after I restart my browser multiple times. This will work until I clear my browser cache manually.  

However, if my browser chooses to keep the one without 'Expiry Date', then my session is lost upon closing the browser. What can be happening here?  


Webagent version: 

Product Name=CA SiteMinder Web Agent 




Build Number=427 

policy Server: 

ProductName=CA SiteMinder Policy Server