jasny / sso

Simple Single Sign-On for PHP


Broker can connect to destroyed session

tonydd opened this issue · comments

Hello!

We implemented the SSO Server in a Laravel app, to be used with two brokers. Our client's policy is that cookies should have a TTL of one year. The thing is, we noticed that one of the brokers sometimes gets synced to an "old session".

For example, I go on both brokers for the first time, they attach successfully, I log myself in and everything works fine.

Later, I come back on broker 1, try to identify myself, but when calling "getUserInfo" on the server, it returns an empty array, although broker 2 is still connected (userInfos are returned properly).

The only "fix" we have now is to clear the cookies on all sides, but this is very impractical ... Is there something we can implement to handle this case?

You can reach me for more information if the issue is not complete enough!

Thank you very much

Fixed in v0.4. Brokers are not allowed to recreate a deleted session. This will result in an error response. It's up to your broker implementation to clear the cookies and re-attach.
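Broker-side handling of the behaviour described in the reply above, as an added example that is not part of the thread or of the jasny/sso project: when the server answers an error instead of recreating the destroyed session, the broker clears its own token and sends the visitor to attach again, instead of keeping the year-long cookie pointed at a dead session. The method names getUserInfo(), clearToken() and getAttachUrl(), the Jasny\SSO\Broker class name, and the use of a generic exception for the error response are assumptions about the broker API; check them against the version you run.

```php
<?php
// Added example, not code from the jasny/sso project.
// Assumed broker API: getUserInfo(), clearToken(), getAttachUrl().

require_once __DIR__ . '/vendor/autoload.php';

use Jasny\SSO\Broker;

/**
 * Fetch the user info for the session the broker cookie points at.
 *
 * Three outcomes are distinguished:
 *   - user array      : attached and logged in
 *   - []              : attached, but nobody is logged in on the server
 *   - error response  : the server session was destroyed (v0.4 refuses to
 *                       recreate it); the stale broker token must go
 *
 * Returns the user array, or null when there is no usable login. When the
 * session is gone, $sessionGone is set so the caller can re-attach.
 */
function fetchUserInfo(Broker $broker, bool &$sessionGone): ?array
{
    $sessionGone = false;

    try {
        $info = $broker->getUserInfo();              // assumed method
    } catch (\Exception $e) {                        // assumed: error response -> exception
        // The server no longer knows this session. Drop the broker-side
        // token now, otherwise every later request carries the dead id.
        $broker->clearToken();                       // assumed method
        $sessionGone = true;
        return null;
    }

    // Attached but not logged in: an empty result, not an error.
    return (is_array($info) && $info !== []) ? $info : null;
}

/**
 * Redirect the visitor to the SSO server so the broker gets a fresh session,
 * then come back to the page that was requested.
 */
function reattachAndReturn(Broker $broker, string $returnUrl): void
{
    $attachUrl = $broker->getAttachUrl(['return_url' => $returnUrl]); // assumed signature
    header('Location: ' . $attachUrl, true, 303);
    exit;
}

// Usage in a broker page. Values come from the broker's own configuration;
// the names below are placeholders.
$broker = new Broker(getenv('SSO_SERVER'), getenv('SSO_BROKER_ID'), getenv('SSO_BROKER_SECRET'));

$sessionGone = false;
$user = fetchUserInfo($broker, $sessionGone);

if ($sessionGone) {
    // One redirect round trip replaces "clear the cookies on all sides".
    $currentUrl = (isset($_SERVER['HTTPS']) ? 'https' : 'http')
        . '://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
    reattachAndReturn($broker, $currentUrl);
}

if ($user === null) {
    // Attached with a live session, but not logged in: show the login form.
    echo 'Not logged in';
} else {
    echo 'Logged in as ' . htmlspecialchars((string) ($user['username'] ?? 'unknown'));
}
```

The point of separating the empty-array case from the error case is that only the latter means the cookie is stale; clearing the token on every empty result would log the visitor out of a perfectly good session on every page load before login.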