In IIS logs I see that every time a user hits a page, we are doing a get request out to OAM from Webgate. This is causing issues where our secure site is no longer available but LiveSite is still running. We do have session in our header, and our OAM admin team is seeing this session set with no expire until log out. That team has stated the below. I believe I need to set Jakarta to hold onto this this session cookie as well. I am not sure how to configure that.
"There have been no OAM changes in UAT for several years so we are at a loss to know what has been modified outside of OAM that is impacting the site function. The continuous need for users to reauthenticate would mean that the OAM session is not being carried over. The WebGate is reaching OAM and creating the sessions, but if the session cookie detail is lost the user will need to reauthenticate over and over. OAM will terminate a session with the logout.* request, but these sessions are most likely not being terminated. We can validate this with a tester. **What is more likely is that the session information is not being retained once the Jakarta filter is invoked within IIS. It’s like every request is the first one requiring the user to reauthenticate. " **
