We are facing an issue where users are unpredictably getting logged out much sooner than the max timeout while being active. For example, a user will log in at 8:00am and even though the max timeout is set to 10 hours and the user is active, the user sometimes gets logged out at a time which is less than 10 hours (i.e. 10:13am, 2:46pm etc.). While investigating our logs, we noticed that the SM_TIMETOEXPIRE value in the request header is much lower than it should be.

 

 

We are not able to determine what is causing this to occur; however, there is one way we were able to reproduce the issue. Let’s say there are two applications that use the same SiteMinder SSO. In Chrome, I open application #1 and am directed to the SiteMinder SSO login. In another tab, I open application #2 and am directed to the SiteMinder SSO login. On application #1, I log in and in the logs I can see that the SM_TIMETOEXPIRE value is 10 hours as expected. Then I go back to the other tab where I’m at the login screen for application #2 and I log in again with the same credentials (yes, I know this defeats the purpose of SSO) and when I check the logs, I notice that the SM_SERVERSESSIONID in the request header is different for both logins and that one of the SM_TIMETOEXPIRE values is intact and the other is drastically smaller (i.e. less than 120 seconds). Note: Users have experienced the premature logout without doing the above scenario where a user logs in twice in the same browser.

 

1) Are there any scenarios in which the user (who is active) is logged out earlier than the max timeout?

2) Are there any scenarios that would cause the SM_TIMETOEXPIRE max timeout value to drop drastically?

3) Is it possible for a user to log in with the same credentials twice and be given two different session IDs? If so, does SiteMinder invalidate one of the sessions by drastically reducing the SM_TIMETOEXPIRE value on one of the sessions?

4) Any theories on what may be causing users to get prematurely logged out or to cause the SM_TIMETOEXPIRE value to drop drastically?
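
Added example, not part of the original post: a Python log check that flags the three symptoms described above (a session whose first SM_TIMETOEXPIRE is far below the max timeout, a value that falls faster than wall-clock time, and one user holding several SM_SERVERSESSIONID values). The key=value log layout, the SM_USER field, the 60-second slack and the sample lines are assumptions made for illustration, as is the reading of SM_TIMETOEXPIRE as seconds counting down to the max timeout.

```python
import re
from collections import defaultdict
from datetime import datetime

MAX_TIMEOUT = 36000   # 10 hours in seconds, the max timeout quoted in the post
SLACK = 60            # assumed tolerance for clock skew and logging delay

# Constructed sample lines; the key=value layout is an assumption about the app log.
SAMPLE_LOG = """\
2024-05-01T08:00:05 SM_USER=jdoe SM_SERVERSESSIONID=AAA111 SM_TIMETOEXPIRE=36000
2024-05-01T08:01:10 SM_USER=jdoe SM_SERVERSESSIONID=BBB222 SM_TIMETOEXPIRE=95
2024-05-01T08:30:05 SM_USER=jdoe SM_SERVERSESSIONID=AAA111 SM_TIMETOEXPIRE=34200
2024-05-01T09:00:00 SM_USER=asmith SM_SERVERSESSIONID=CCC333 SM_TIMETOEXPIRE=36000
2024-05-01T10:00:00 SM_USER=asmith SM_SERVERSESSIONID=CCC333 SM_TIMETOEXPIRE=32400
2024-05-01T10:13:00 SM_USER=asmith SM_SERVERSESSIONID=CCC333 SM_TIMETOEXPIRE=110
"""

LINE = re.compile(r"^(\S+) SM_USER=(\S+) SM_SERVERSESSIONID=(\S+) SM_TIMETOEXPIRE=(\d+)$")

def find_anomalies(log_text):
    last_seen = {}                       # session id -> (timestamp, time to expire)
    sessions_by_user = defaultdict(set)  # user -> session ids seen in this log
    findings = []
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue                     # skip lines that lack the three headers
        ts, user, sid, tte = datetime.fromisoformat(m[1]), m[2], m[3], int(m[4])
        sessions_by_user[user].add(sid)
        if sid not in last_seen:
            # First sighting: a fresh login should start near the max timeout.
            if tte < MAX_TIMEOUT - SLACK:
                findings.append(("short_initial", user, sid, tte))
        else:
            prev_ts, prev_tte = last_seen[sid]
            elapsed = (ts - prev_ts).total_seconds()
            # The countdown should not fall faster than the clock advances.
            if prev_tte - tte > elapsed + SLACK:
                findings.append(("sudden_drop", user, sid, tte))
        last_seen[sid] = (ts, tte)
    for user, sids in sorted(sessions_by_user.items()):
        if len(sids) > 1:
            findings.append(("multiple_sessions", user, tuple(sorted(sids)), None))
    return findings

if __name__ == "__main__":
    for finding in find_anomalies(SAMPLE_LOG):
        print(finding)
```

A session that began before the log window opens will also show up as `short_initial`, so start the extract at or before the login being investigated.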

