Single Session Cookie Enforcement

In most cases, an application has a specific name that is always used for an associated session cookie. In other cases, the name of the cookie begins with a known string, such as ASPSESSIONID or MYAPPSESSION, and ends with a random or unpredictable suffix. In such cases, the SessionLinker prevents users from presenting more than one of these cookies and enforces the expected session linking.

If the SessionLinker detects multiple potential session cookies, it performs the following steps:

  1. Blocks access to sessions
  2. Destroys all the cookies
  3. Redirects the user to a URL that you specify. If you do not specify a URL, an internal server error is displayed.
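
The check and the three steps above can be sketched as follows. This is an added illustration, not SessionLinker's own code. The function names, the `Path=/` attribute, and the choice to expire only the matching session cookies are assumptions, and the cookie names and redirect URL are constructed sample values.

```python
from typing import List, Optional, Tuple

def parse_cookie_header(header: str) -> List[Tuple[str, str]]:
    """Split a Cookie request header into (name, value) pairs, keeping duplicates."""
    pairs = []
    for part in header.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, value = part.partition("=")
        pairs.append((name.strip(), value.strip()))
    return pairs

def enforce_single_session_cookie(cookie_header: str, prefix: str,
                                  redirect_url: Optional[str] = None) -> dict:
    """Return the response decision for one request.

    More than one cookie whose name starts with `prefix` means the request is
    blocked, each such cookie is expired, and the user is redirected, or gets
    an internal server error when no redirect URL is configured.
    """
    candidates = [(n, v) for n, v in parse_cookie_header(cookie_header)
                  if n.startswith(prefix)]
    if len(candidates) <= 1:
        return {"allow": True, "status": 200, "headers": [],
                "session_cookie": candidates[0] if candidates else None}

    # One expiring Set-Cookie per distinct name. Assumption: the cookies were
    # set with Path=/; a browser only deletes a cookie when Path and Domain
    # match the values it was originally set with.
    names = dict.fromkeys(n for n, _ in candidates)
    headers = [("Set-Cookie", f"{name}=; Path=/; Max-Age=0; "
                "Expires=Thu, 01 Jan 1970 00:00:00 GMT") for name in names]
    if redirect_url:
        headers.append(("Location", redirect_url))
        return {"allow": False, "status": 302, "headers": headers,
                "session_cookie": None}
    return {"allow": False, "status": 500, "headers": headers,
            "session_cookie": None}
```

The same cookie name sent twice counts as two candidates, so a duplicated name is blocked as well.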