The ZXID session system serves three purposes:

1. Remember whether the user has logged in. The session ID is carried either in a cookie or as part of the URL.
2. Make it possible to perform Single Logout (SLO) and certain federation management tasks.
3. Remember the service end points (EPRs) that were either
   a. supplied as bootstrap attributes in the SSO assertion, or
   b. later discovered.

The biggest complication is the requirement to remember the EPRs. The solution currently used is to keep them as files in a per-session directory under the /var/zxid/ses tree.

    /var/zxid/
     |
     +-- zxid.conf  Main configuration file
     +-- pem/       Our certificates
     +-- cot/       Metadata of CoT partners (metadata cache)
     +-- ses/       Sessions
     |    |
     |    +-- SESID/  Each session has its own directory
     |         |
     |         +-- .ses      The session file
     |         +-- SVC,SHA1  Each bootstrap is kept in its own file
     |
     +-- user/      Local user accounts (if enabled)
     |    |
     |    +-- SHA1/   Each local user has a directory whose name is SHA1
     |         |      of the user's NameID (idpnid)
     |         +-- .mni  Information needed by Name ID management
     |
     `-- log/       Log files, pid files, and the like
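
Because the session ID arrives in a cookie or URL and also names a directory under ses/, code that maps it to a path should accept only a plain ID. The following is an added example, not ZXID's own code: the function names, the 64-character limit and the allowed alphabet [A-Za-z0-9_-] are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define SES_ROOT  "/var/zxid/ses"  /* session tree from the layout above */
#define SESID_MAX 64               /* assumed upper bound, not a ZXID constant */

/* Assumed session ID alphabet (hypothetical; adjust to the deployment). */
static const char SESID_CHARS[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_-";

/* Returns 1 if sesid is non-empty, at most SESID_MAX characters long and
 * made only of SESID_CHARS. That excludes '/', '.' and every other
 * character that could change which directory the ID names. */
int sesid_is_safe(const char *sesid)
{
    size_t n;
    if (!sesid)
        return 0;
    n = strlen(sesid);
    if (n == 0 || n > SESID_MAX)
        return 0;
    return strspn(sesid, SESID_CHARS) == n;
}

/* Writes "<root>/<sesid>/.ses" into out. Returns 0 on success, -1 if the
 * ID is rejected or the result does not fit in outlen bytes. */
int ses_file_path(const char *root, const char *sesid, char *out, size_t outlen)
{
    int n;
    if (!root || !out || !sesid_is_safe(sesid))
        return -1;
    n = snprintf(out, outlen, "%s/%s/.ses", root, sesid);
    if (n < 0 || (size_t)n >= outlen)
        return -1;  /* truncated paths are refused, never used */
    return 0;
}

int main(void)
{
    /* Constructed sample IDs, as they might arrive in a cookie or URL. */
    const char *samples[] = { "SabC123_-x", "../user", "a/b", ".", "" };
    char path[256];
    size_t i;
    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        if (ses_file_path(SES_ROOT, samples[i], path, sizeof path) == 0)
            printf("accept  %-12s -> %s\n", samples[i], path);
        else
            printf("reject  \"%s\"\n", samples[i]);
    }
    return 0;
}
```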