Symantec Access Management

Expand all | Collapse all

User view issues in SPS

  • 1.  User view issues in SPS

    Posted 11-14-2016 07:04 AM

    Hello,

     

    We are facing one issue in application login where the application is protected by siteminder and using SPS as the reverse proxy.

    The scenario is User A logs into the application, works as per his privileges and logs out. User B logs into the same application in the same browser without closing and reopening the browser.

    User B gets the same view that User A last accessed, but after refreshing/clicking on any tab once, user B gets his own view.

    User B is not able to perform any actions from User A's console but he is able to view the application-view for user A.

    In the second case, the same application is using Apache as reverse proxy, in this case the previous user's view is never visible to the new user.

     

    Please suggest, what could be the possible reason for this behavior, also how can this be resolved?

     

    Regards,

    Aditi



  • 2.  Re: User view issues in SPS

    Posted 11-14-2016 06:12 PM

    Hi Aditi,

     

    Using fiddler can you check after the User A logs out SMSESSION cookie is deleted to "logged off"?

     

    Regards,

    Ujwol



  • 3.  Re: User view issues in SPS

    Posted 11-14-2016 11:19 PM

    Yes Ujwol, when user A logs out SMSESSION cookie is deleted to "logged off".

     

    Regards,

    Aditi



  • 4.  Re: User view issues in SPS

    Posted 11-15-2016 07:08 PM

    Hi Aditi,

    What is the authentication scheme used? Looks like caching on the web server. Fiddler trace with the use case should give us better idea.

     

    Regards,

    Kar Meng



  • 5.  Re: User view issues in SPS

    Posted 11-16-2016 04:03 AM
      |   view attached

    Hello Kar,

     

    We are using a form based authentication scheme.

    Please refer to the fiddler logs attached for reference.

     

    Regards,

    Aditi

    Attachment(s)

    zip
    SPS Fiddler Logs.zip   371 KB 1 version


  • 6.  Re: User view issues in SPS

    Broadcom Employee
    Posted 11-16-2016 05:54 AM

    Hi Aditi,

     

    I have checked the attached Fiddler trace, and I do see the log off taking place correctly, however, when the second user logs in, I see there is the same JSESSIONID cookie maintained:
    JSESSIONID=4A2B2BF9D0A5AD00CA9390A311561B19
    JSESSIONID=4A2B2BF9D0A5AD00CA9390A311561B19

     

    This is a Java cookie generated by the backend web server for session management which can explain the behavior you are seeing depending on the backend cache settings, and it should be removed when the session is closed on the backend, besides you logoff on SM side.

     

    You may want to review your log out page to see how it is closing the session on the backend, and when calling the index JSP page for logout, it may contain code to invalidate the session or a page session=false to ensure it is being emptied as well.

     

    I hope this helps.

    Albert



  • 7.  Re: User view issues in SPS

    Posted 11-18-2016 12:46 AM

    Thank you Albert for the analysis!

     

    But, for the same application when we are using apache as reverse proxy, the user view issue is not faced.

    Is there any possibility that SPS is caching the JSESSIONID cookie for user A and not replacing it with JSESSIONID cookie for user B, because this is not happening in case of apache?

    As soon as the user B will click on some tab or refresh the page, the view will be changed for User B.

     

    Please suggest!

    Regards,

    Aditi



  • 8.  Re: User view issues in SPS

    Posted 11-21-2016 10:07 PM

    Hi Aditi,

     

    In server.conf, do you have "enablecachepostdata" set to no (default value)? If you happen to set it to yes, try set to no.

     

      #This parameter is applicable to the caching of POST data.
      #"no"--- Default Value. Post data ia not cached by SPS.
      #"yes"--- POST data Caching enabled
      enablecachepostdata="no"

     

    Regards,

    Kar Meng



  • 9.  Re: User view issues in SPS

    Posted 11-22-2016 11:34 PM

    Hello Kar,

     

    Yes, this value is set to "yes" in our case. But, it was changed to yes on suggestion of CA support in order to improve the performance of SPS.

     

    Please suggest if setting it no will impact the performance of SPS in any way?

     

    Regards,

    Aditi



  • 10.  Re: User view issues in SPS

    Posted 11-23-2016 06:24 PM

    Hi Aditi,

    The objective of setting enablecachepostdata="no" is to isolate if this parameter causing the issue. You can change it back to yes after the testing.

     

    Regards,

    Kar Meng



  • 11.  Re: User view issues in SPS