AnsweredAssumed Answered

Detecting user session state from an unprotected URL

Question asked by mekondelta on Mar 26, 2012
Latest reply on Mar 30, 2012 by Chris_Hackett
We are using SM6 and have a 30min session timeout with a hard limit of 12 hours.

We would like to be able to detect from an unprotected page whether a user's session is valid or not.

An example use case would be for displaying a login/logout button for example. If a user's session has timed out then the next unprotected page they load should be able to show a "login" button as their session is no longer valid.

What I'm finding is that even though the SM session has timed out, I still get an sm_userdn request header and SMSESSION cookie coming through so I have no reliable way to test the session state.

Is there another way for me to test a user's SiteMinder session state from an unprotected URL?

Outcomes