Monday, January 7, 2013

SM Session Cookie


The SMSESSION cookie represents a user's session and contains:

- User's ID
- ID of the directory or database from which the user was authenticated
- SMSESSIONSPEC
- Unique Session ID (a hash of the GUID of the logged-in user)
- Other proprietary information

The Web Agent is responsible for validating an SMSESSION cookie's integrity, session expiration timeouts, and session revocations.

The session-spec field of the SMSESSION cookie is encrypted when the Web Agent transmits it to the Policy Server, which uses it to make authentication and authorization decisions. Decoding the SMSESSION cookie yields the following information:

- SM_AGENTAPI_ATTR_USERDN
- SM_AGENTAPI_ATTR_SESSIONSPEC
- SM_AGENTAPI_ATTR_SESSIONID
- SM_AGENTAPI_ATTR_USERNAME
- SM_AGENTAPI_ATTR_CLIENTIP
- SM_AGENTAPI_ATTR_DEVICENAME
- SM_AGENTAPI_ATTR_IDLESESSIONTIMEOUT
- SM_AGENTAPI_ATTR_MAXSESSIONTIMEOUT
- SM_AGENTAPI_ATTR_STARTSESSIONTIME
- SM_AGENTAPI_ATTR_LASTSESSIONTIME
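
The expiration and revocation checks described above, applied to attributes that have already been decoded, as an added example (not from the original post and not SiteMinder's own code). It assumes timeouts are in seconds and times are epoch seconds, and that the deployment compares the client IP; `check_session`, `revoked_ids` and the sample values are hypothetical.

```python
P = "SM_AGENTAPI_ATTR_"  # attribute-name prefix used on this page
REQUIRED = ("SESSIONID", "CLIENTIP", "IDLESESSIONTIMEOUT",
            "MAXSESSIONTIMEOUT", "STARTSESSIONTIME", "LASTSESSIONTIME")

def check_session(attrs, now, request_ip, revoked_ids=frozenset()):
    """Return the reasons to reject the session; an empty list means valid."""
    missing = [P + k for k in REQUIRED if P + k not in attrs]
    if missing:
        return ["missing:" + ",".join(missing)]  # fail closed on gaps
    try:
        # Assumption: timeouts are seconds, times are epoch seconds.
        start = int(attrs[P + "STARTSESSIONTIME"])
        last = int(attrs[P + "LASTSESSIONTIME"])
        idle = int(attrs[P + "IDLESESSIONTIMEOUT"])
        max_age = int(attrs[P + "MAXSESSIONTIMEOUT"])
    except (TypeError, ValueError):
        return ["malformed-time-field"]
    reasons = []
    if last < start or now < last:
        reasons.append("inconsistent-timestamps")  # clock skew or tampering
    if now - start > max_age:
        reasons.append("max-timeout")   # absolute session lifetime exceeded
    if now - last > idle:
        reasons.append("idle-timeout")  # no activity within the idle window
    if attrs[P + "CLIENTIP"] != request_ip:
        reasons.append("client-ip-mismatch")
    if attrs[P + "SESSIONID"] in revoked_ids:
        reasons.append("revoked")
    return reasons

# Constructed sample values, not taken from a real cookie.
SAMPLE = {
    P + "SESSIONID": "constructed-session-id",
    P + "CLIENTIP": "192.0.2.10",
    P + "IDLESESSIONTIMEOUT": "600",
    P + "MAXSESSIONTIMEOUT": "3600",
    P + "STARTSESSIONTIME": "1000",
    P + "LASTSESSIONTIME": "1500",
}

if __name__ == "__main__":
    for now in (1800, 2200, 5000):
        print(now, check_session(SAMPLE, now, "192.0.2.10"))
```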