API Gateway - Issue with SMSESSION Cookie in the browser

Discussion created by GopiReddyIrala on Jun 20, 2018
Latest reply on Jun 27, 2018 by Mark.ODonohue

Hi All,

Could you please have a look at the issue below and provide your thoughts?

Below is the scenario / issue:

 

1. API Gateway has a service called authenticate to validate the user's credentials and to send the SMSESSION cookie as a response.

2. A Single Page Application (SPA) calls the API Gateway's authenticate service with valid user credentials.

3. API Gateway validates the user's credentials and is able to send the SMSESSION cookie in Response Cookies for that authenticate service. I am able to see the cookie in Developer's Tool as well. Assume that the SMSESSION cookie domain is .testdomain.com

So far so good.

4. Now the SPA redirects the user to the protected URL as the authentication is successful. For example, the protected URL is https://dev.testdomain.com/protect/userprofile.html

5. For some reason, the SMSESSION cookie is NOT available on the https://dev.testdomain.com/protect/userprofile.html URL and the SiteMinder policy server is redirecting the user to the login page by assuming that there is no valid SMSESSION in the browser.

Issue: Why is the SMSESSION cookie not available for the subsequent URLs even though the SMSESSION cookie is available on the same domain in step # 3 above?


Any quick help is greatly appreciated as it is a critical issue for us. Thank you.

Please let me know if you need any further details.


Thanks & Regards,

Gopi.
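
Added example, not part of the original post: a small check of whether a given Set-Cookie header would be in scope for the protected URL from step 4 under the RFC 6265 domain, path and Secure rules. The gateway URL and cookie values used with it are constructed assumptions; only the cookie name, .testdomain.com and the protected URL come from the post.

```javascript
// Added example, not from the original post. Cookie values and the gateway URL are constructed.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const attrs = {};
  for (const a of rest.filter(Boolean)) {
    const i = a.indexOf('=');
    attrs[(i < 0 ? a : a.slice(0, i)).toLowerCase()] = i < 0 ? true : a.slice(i + 1);
  }
  return { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs };
}

// RFC 6265 domain-match: exact host, or host is a subdomain of the cookie domain.
const domainMatch = (host, d) => host === d || host.endsWith('.' + d);

// RFC 6265 path-match: equal, or cookie path is a prefix ending at a "/" boundary.
const pathMatch = (reqPath, p) =>
  reqPath === p || (reqPath.startsWith(p) && (p.endsWith('/') || reqPath[p.length] === '/'));

// Reasons the browser would not store the cookie, or not send it to targetUrl.
// responseUrl is the URL whose response carried the Set-Cookie header.
function scopeProblems(header, responseUrl, targetUrl) {
  const { attrs } = parseSetCookie(header);
  const src = new URL(responseUrl);
  const dst = new URL(targetUrl);
  const problems = [];

  if (typeof attrs.domain === 'string') {
    const d = attrs.domain.replace(/^\./, '').toLowerCase(); // leading dot is ignored
    if (!domainMatch(src.hostname, d)) problems.push('rejected: Domain does not cover the setting host');
    if (!domainMatch(dst.hostname, d)) problems.push('domain: target host is outside Domain');
  } else if (src.hostname !== dst.hostname) {
    problems.push('domain: host-only cookie and target host differs');
  }

  // Without a Path attribute the default is the "directory" of the response URL.
  const dir = src.pathname.slice(0, src.pathname.lastIndexOf('/')) || '/';
  const path = typeof attrs.path === 'string' && attrs.path.startsWith('/') ? attrs.path : dir;
  if (!pathMatch(dst.pathname, path)) problems.push(`path: ${dst.pathname} is outside ${path}`);

  if (attrs.secure && dst.protocol !== 'https:') problems.push('secure: target is not https');
  return problems;
}
```

Pass the exact Set-Cookie header copied from the authenticate response in the browser's network panel, together with the URL that returned it; an empty result means these three rules do not explain the missing cookie.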
