jasny / sso

Simple Single Sign-On for PHP

The Session ID of the Broker and ajax-Broker is different

xiaojunlu opened this issue · comments

broker: a.com
ajax-broker: b.com

When I set it up as above, I find their session IDs are different! When I have logged in to a.com, b.com cannot get the logged-in status.

Can you help me figure out why?

The session IDs of the brokers are not relevant. Only the session ID of the SSO server matters. You don't need to start a session on the broker. Each broker creates an sso_token and sso_verify cookie.

For questions that aren't (reproducible) bugs, please use stackoverflow. If your question isn't answered by the community in a couple of days, I'll surely pick it up (just put Jasny in the title).

Hello there @jasny, I'm running into the same issue.

I got my SSO server set up in a.com, which also has a broker set up, and I've got another broker in b.com.

When using only browser redirect, I can see in the SSO server logs:

Broker request with session  {"broker":"brokerAName","token":"a","session":"a"}
Broker request with session  {"broker":"brokerBName","token":"b","session":"a"}

And everything is fine.

But when I do an ajax call for the attach from broker b, I see the following log in the SSO server:

Broker request with session  {"broker":"brokerBName","token":"b","session":"c"}

I followed the implementation of the demo/ajax-broker and I'm really wondering what I did wrong.

I think that's what @xiaojunlu meant by different session Id, it's the SSO Server session that is different.

Any help would be appreciated!

Thanks!

commented

Same problem here - every broker gets their own server session.
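
A way to confirm the symptom reported in this thread from the SSO server log, as an added example that is not part of the thread or of jasny/sso. It assumes the `Broker request with session` line format quoted above; the sample lines and the function names are constructed for illustration.

```python
import json
import re
from collections import defaultdict

# Line format as quoted in the thread; everything after the prefix is JSON.
LINE_RE = re.compile(r"Broker request with session\s+(\{.*\})\s*$")

# Constructed sample: broker B attaches once in the shared server session
# (redirect) and once in a fresh one (the ajax case described above).
SAMPLE_LOG = """\
Broker request with session  {"broker":"brokerAName","token":"tok-a","session":"sess-1"}
Broker request with session  {"broker":"brokerBName","token":"tok-b","session":"sess-1"}
Broker request with session  {"broker":"brokerBName","token":"tok-b","session":"sess-2"}
Some unrelated log line
"""

def parse_requests(log_text):
    """Yield (broker, token, session) for every well-formed broker request line."""
    for line in log_text.splitlines():
        match = LINE_RE.search(line)
        if not match:
            continue
        try:
            rec = json.loads(match.group(1))
        except json.JSONDecodeError:
            continue  # truncated or corrupted entry
        if all(isinstance(rec.get(k), str) for k in ("broker", "token", "session")):
            yield rec["broker"], rec["token"], rec["session"]

def find_split_sessions(log_text):
    """Report where brokers did not end up in one shared SSO server session.

    rebound:  (broker, token) pairs seen with more than one server session.
    isolated: server sessions that only a single broker ever reached
              (expected if only one broker is in use at all).
    """
    by_token = defaultdict(set)
    by_session = defaultdict(set)
    for broker, token, session in parse_requests(log_text):
        by_token[(broker, token)].add(session)
        by_session[session].add(broker)
    rebound = {k: sorted(v) for k, v in by_token.items() if len(v) > 1}
    isolated = {s: sorted(b) for s, b in by_session.items() if len(b) == 1}
    return {"rebound": rebound, "isolated": isolated}

if __name__ == "__main__":
    print(find_split_sessions(SAMPLE_LOG))
```

A broker token listed under `rebound` means the same broker cookie reached the server under two different server sessions, which is the pattern in the log lines quoted in this thread.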