Because of the vulnerabilities in Security Scans (SCABBA) done for our applications, we added Secure and HttpOnly to the SMSESSION cookie. Now we are facing an issue: when I am redirecting from one application to another (all are under single sign-on), sometimes the session gets invalidated within 5-10 min and we are redirected to the Login page.
I hope the SMSESSION fix we did is causing these problems, but I am not sure of it. Somewhere I got the below info:
The SMSESSION cookie generated by SiteMinder is always in encrypted format and is also highly secure. We can have the Secure and HttpOnly flags implemented on the SiteMinder cookies, but there may be some functionality issues after implementing these flags on the cookies, such as: (a) Seamless will break on moving from HTTP to HTTPS or vice versa (we have all https only) (b) There may be a few session upholding issues (c) Logout functionality may break. These were a few of the breakages which we experienced in the last few cases.
Does anyone have an idea about it?
Thanks in advance
-Regards, Raviteja Koditiwada
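
An added example, not part of the original post: a small check for item (a) above that walks a list of redirect hops and reports where a browser would withhold a cookie under the RFC 6265 Secure, Domain and Path rules (HttpOnly only hides the cookie from script and never affects sending). The cookie attributes and hostnames are constructed assumptions, and the matching is simplified (no public-suffix or IP-address handling).

```javascript
// Constructed sample: cookie attributes and redirect hops are illustrative,
// not taken from the original post or from any SiteMinder configuration.
const smsession = { name: "SMSESSION", domain: "example.com", path: "/", secure: true, httpOnly: true };

// RFC 6265 section 5.1.3 domain-match: exact host or a dot-separated suffix.
function domainMatches(host, cookieDomain) {
  const h = host.toLowerCase();
  const d = cookieDomain.replace(/^\./, "").toLowerCase();
  return h === d || h.endsWith("." + d);
}

// RFC 6265 section 5.1.4 path-match.
function pathMatches(reqPath, cookiePath) {
  if (reqPath === cookiePath) return true;
  if (!reqPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith("/") || reqPath[cookiePath.length] === "/";
}

// Returns null if the browser would send the cookie, else the reason it is withheld.
function whyNotSent(cookie, url) {
  const u = new URL(url);
  if (cookie.secure && u.protocol !== "https:") return "Secure cookie, non-HTTPS request";
  if (!domainMatches(u.hostname, cookie.domain)) return "host outside cookie Domain";
  if (!pathMatches(u.pathname, cookie.path)) return "path outside cookie Path";
  return null;
}

// Walk the redirect chain and keep only the hops that arrive without the cookie.
function auditHops(cookie, hops) {
  return hops
    .map((url) => ({ url, reason: whyNotSent(cookie, url) }))
    .filter((r) => r.reason !== null);
}

const hops = [
  "https://app1.example.com/home",
  "http://app2.example.com/start",     // plain-HTTP hop, e.g. a hard-coded link
  "https://app2.example.com/start",
  "https://reports.example.net/view",  // host outside the cookie's Domain
];

console.log(auditHops(smsession, hops));
```

Feeding it the Location chain captured from browser developer tools or a proxy log shows which hop reaches the agent without SMSESSION and is therefore treated as unauthenticated.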