API Gateway - Issue with SMSESSION Cookie in the browser

Discussion created by GopiReddyIrala on Jun 20, 2018
Latest reply on Feb 26, 2019 by Mark.ODonohue

Hi All - 


Could you please have a look at the below issue and provide your thoughts. 


Below is the scenario / issue : 


1. API Gateway has a service called authenticate to validate the user's credentials and to send the SMSESSION cookie as a response


2. A Single Page Application  (SPA) calls the API Gateway's authenticate service with valid user credentials 


3. API Gateway validates the user's credentials and is  able to send the SMSESSION cookie in Response Cookies for that authenticate service. I am able to see the cookie in Developer's Tool as well . Assume that the SMSESSION cookie domain is 


So far so good.


4. Now SPA redirects the user to the protected URL as the authentication is successful. For ex, the protected URL is


5.For some reason, the SMSESSION cookie is NOT available on the URL and the siteminder policy server is redirecting the user to the login page by assuming that there is no valid SMSESSION in the browser.


Issue  : Why is the SMSESSION cookie not available for the subsequent URLs even though the SMSESSION cookie is available on the same domain on the step # 3 above.


Any quick help is greatly appreciated as it is a critical issue for us. Thank you


Please let me know for any further details.


Thanks & Regards,