Losing session on redirect to another page within same site

I am creating a SAML based Single Sign On (SSO) functionality, and the server acting as a Service Provider (SP) communicates with an User Agent and Identity Server (IdP) to obtain assertions. The implementation is based on simpleSAMLphp, and authentication works perfectly but the data placed on SESSION loses upon redirect to another page within the same website.

After some research, I found that there may be two possibilities for losing session data: (1) protocol change from HTTP to HTTPS or vice versa, or (2) session cross domains or subdomains and cookie isn't aware of the crossing sub-domains. I have looked at my implementation very closely, and all communication is done via https and service is hosted on www subdomain; and yet the session is being lost after comminicating with an identity server.

Comments

Add new comment

Filtered HTML

  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <blockquote> <code> <ul> <ol> <li> <dl> <dt> <dd>
  • Lines and paragraphs break automatically.

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.