APM - check for a session from within another session
Hi,
I have a scenario where after a user is authenticated by APM and has an active session, subsequently an out of band request will come in which is from a browser plugin but in practice its effectively a new browser session. This out of band request will have a cookie set by the application with the same name/value as a cookie that is also in the main session. I need APM to read the cookie from the out of band request, and check that such a session variable exists in an already authenticated session, and hence allow the out of band request through.
I can do the first part of this, which is grab the application cookie from the APM authenticated session and store it in an APM session variable - but how, when the out of band request comes in, can I iterate through active APM sessions looking for an authenticated active session which has the application cookie?
Is there a way for an access policy to read sessions variables from other sessions ?
Ben
PS: I guess that was a long winded way of asking for a way to allow requests that come in from pre-authenticated sources, in my case identified by a cookie which exists in both authenticated and unauthenticated requests, aka the unauthenticated request does not have the APM session ID cookie in it.