User Sessions

SiteMinder supports persistent and non-persistent sessions. The standard SiteMinder sessions are non-persistent and contain user session data but no other user-specific data. For example, a session does not contain attributes unless configured to do so. The SiteMinder user session is created by the SiteMinder server upon successful authentication.

The servers send the user session SiteMinder Web Agent to set in the browser. The policy agent is responsible for validating the cookie and enforcing session timeouts. The cookie named SMSESSION contains the following parameters by default:

• Device name or host name

• User's full DN

• User Name

• Session idle timeout

• Session maximum timeout

• Session creation time