Symantec Access Management

  • Private Community

  • 1.  smsession cookie of one environment is overriding the cookie of another environment

    Posted Feb 27, 2018 01:45 PM

    We have 3 different environments, Dev,Test and Production.

    For some reason, Client wants to access them in the same browser.

    If Client has accessed test environment and then he logs in to the production environment then Production smsession cookie overrides the existing cookie for Test however its always Production cookie which overrides the Test smsession cookie never vice versa. 

    Similarly Dev smsession cookie overrides Production smsession cookie but never vice versa.

    I understand one way to address it would be renaming the cookies using SSOZones however that would be cumbersome process for the whole environment.

     

    Any Suggestions? #siteminderr12.52 #siteminder #single-sign-on #smsession



  • 2.  Re: smsession cookie of one environment is overriding the cookie of another environment

    Posted Feb 28, 2018 06:13 AM

    I am assuming cookie domain is same for all three environment here.

    If so, the only option is using security zones.



  • 3.  Re: smsession cookie of one environment is overriding the cookie of another environment

    Posted Feb 28, 2018 06:17 AM

    No, Cookie domain is different for all 3



  • 4.  Re: smsession cookie of one environment is overriding the cookie of another environment

    Posted Feb 28, 2018 06:19 AM

    What are they like?

     

    Sent from my iPhone



  • 5.  Re: smsession cookie of one environment is overriding the cookie of another environment

    Posted Feb 28, 2018 06:25 AM

    they are like: .test.x.com and x.com . Will they be treated as same?



  • 6.  Re: smsession cookie of one environment is overriding the cookie of another environment

    Posted Feb 28, 2018 06:28 AM

    It may. Depends on what is the configuration for CookieDomain, CookieDomainScope ACO param in each of the environment.


    Note, cookie created for .x.com is also submitted for domain “.test.x.com” by browser



  • 7.  Re: smsession cookie of one environment is overriding the cookie of another environment

    Posted Feb 28, 2018 07:22 AM

    Can the customer use incognito or private browsing to get round this?



  • 8.  Re: smsession cookie of one environment is overriding the cookie of another environment

    Posted Feb 28, 2018 01:01 PM

    unfortunately NO



  • 9.  Re: smsession cookie of one environment is overriding the cookie of another environment

    Posted Mar 01, 2018 07:13 AM

    Hi Satyendra,

     

    I would then say that only creating SSO Security Zones would help, especially for the environments sharing the .x.com domain. You already contemplated this option, but it was added for this purpose.

     

    Security Zones for Single Sign-on - CA Single Sign-On - 12.52 SP1 - CA Technologies Documentation 



  • 10.  Re: smsession cookie of one environment is overriding the cookie of another environment

    Posted Mar 01, 2018 07:31 AM

    Hello Albert,

    Though they are sharing .x.com but they are not exactly identical as one is  .test.x.com(cookie domain scope = 3) whereas other one is :  .x.com , Hence in my opinion they should be uniquely identifiable as cookie domain scope in case of .test.x.com is 3.

    let me know what you think



  • 11.  Re: smsession cookie of one environment is overriding the cookie of another environment

    Posted Mar 01, 2018 08:30 AM

    But you have 2 environments that will share the domain, right? I mean:

     

    You mentioned there are 3 different environments: Dev, Test and Prod. One uses .test.x.com (with a specific cookie domain scope set), and I understand Dev & Prod uses .x.com both, right?