Reputation: 5203
I'm using Azure Active Directory to authenticate my users and this is the url that I redirect the users to:
https://login.windows.net/common/oauth2/authorize?response_type=id_token&redirect_uri=https%3A%2F%2Ftest.com%2F&client_id=CB08A120-12BD-11E4-8143-DA6DD34483DE&scope=openid&response_mode=form_post&nonce=50b4146c-585c-49e5-a78e-56d9685c56f2
The response I get comes in the form of a post and has these two parameters:
id_token=*
session_state=*
However, I'm not exactly sure what session_state is. I've tried looking through the documentation, but can't seem to find a good answer. The places where I've found session_state in the documentation are here and here, but neither one helped very much. Is the session_state something I should be persisting in a cookie and sending to each future request to Azure? Or what is its purpose and the proper way to handle it?
Upvotes: 2
Views: 4110
Reputation: 4004
It identifies an authenticated session at the Azure AD STS.
After the first interactive sign-in, if you re-issue your OpenID Connect SSO request, the user won't be prompted to sign in again - yet your app will get back a fresh token, but the session_state will be the same as in the previous response. However, in your SSO request if you add &prompt=login, the user will be prompted to log in again, and this time the session_state you get back will be different.
Most applications will just ignore the value - the ones that want to track that the user indeed re-authenticated will care.
Hope this helps.
Upvotes: 7
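As an added illustration of the answer above (this is example code, not code from the question, the answer, or Microsoft), the following Python sketch shows what an application that does care about re-authentication would do with the form_post response: parse the posted fields, confirm the id_token's nonce matches the nonce the app put in the authorize request (the one from the question's URL), and compare session_state against the value remembered for that user so that a silent SSO refresh (same session_state) can be told apart from a forced re-login (different session_state). The function names, the `SessionStateTracker` class, and all sample values (TOKEN1, S1, user-1) are constructed for this example; the claims dictionary stands in for an id_token whose signature has already been validated by a JWT library.

```python
"""Added example: tracking Azure AD session_state across OpenID Connect
form_post responses. Not part of the original question or answer.

The claims dict passed to process_response() stands in for an id_token whose
signature has ALREADY been verified by a JWT library; no claim may be trusted
before that step. All sample values are constructed.
"""
from typing import Dict, Optional
from urllib.parse import parse_qs

NEW_SESSION = "new_session"          # first response seen for this user
SAME_SESSION = "same_session"        # silent SSO refresh, no new credentials
REAUTHENTICATED = "reauthenticated"  # session_state changed (e.g. prompt=login)


def parse_form_post(body: str) -> Dict[str, str]:
    """Parse the application/x-www-form-urlencoded body that Azure AD posts
    back when response_mode=form_post, requiring each field exactly once."""
    fields = parse_qs(body, keep_blank_values=True)
    for name, values in fields.items():
        if len(values) != 1:
            raise ValueError(f"duplicate form parameter: {name}")
    if "id_token" not in fields:
        raise ValueError("form_post response is missing id_token")
    return {name: values[0] for name, values in fields.items()}


def check_nonce(claims: Dict[str, str], expected_nonce: str) -> bool:
    """The nonce sent in the authorize request must come back in the id_token;
    this binds the token to this app's request and rejects a token that was
    issued for some other request."""
    return claims.get("nonce") == expected_nonce


class SessionStateTracker:
    """Remembers the last session_state seen per subject (the sub claim)."""

    def __init__(self) -> None:
        self._last: Dict[str, str] = {}

    def observe(self, sub: str, session_state: Optional[str]) -> str:
        previous = self._last.get(sub)
        if session_state is not None:
            self._last[sub] = session_state
        if previous is None:
            return NEW_SESSION
        if session_state == previous:
            return SAME_SESSION
        return REAUTHENTICATED


def process_response(tracker: SessionStateTracker, body: str,
                     expected_nonce: str, claims: Dict[str, str]) -> str:
    """Handle one form_post response: parse it, check the nonce, then classify
    the response by its session_state relative to what we saw last time."""
    fields = parse_form_post(body)
    if not check_nonce(claims, expected_nonce):
        raise ValueError("nonce mismatch: id_token was not issued for this request")
    return tracker.observe(claims["sub"], fields.get("session_state"))


def _claims_for(nonce: str) -> Dict[str, str]:
    # Constructed stand-in for verified id_token claims of one user.
    return {"sub": "user-1", "nonce": nonce}


def demo() -> tuple:
    """Three constructed responses for the same user: initial sign-in, a silent
    SSO re-issue with the same session_state, then a prompt=login re-auth that
    yields a new session_state. Each request uses its own nonce."""
    tracker = SessionStateTracker()
    n1 = "50b4146c-585c-49e5-a78e-56d9685c56f2"  # nonce from the question's URL
    n2, n3 = "nonce-for-request-2", "nonce-for-request-3"
    first = process_response(tracker, "id_token=TOKEN1&session_state=S1", n1, _claims_for(n1))
    silent = process_response(tracker, "id_token=TOKEN2&session_state=S1", n2, _claims_for(n2))
    forced = process_response(tracker, "id_token=TOKEN3&session_state=S2", n3, _claims_for(n3))
    return first, silent, forced


if __name__ == "__main__":
    print(demo())
```

The tracker only tells the app whether the user re-authenticated; the id_token itself must still be signature-checked and its issuer, audience and expiry validated before any of its claims (including sub and nonce) are used.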