Forum Discussion

swifty_89412's avatar
Icon for Nimbostratus rankNimbostratus
Apr 23, 2012

Access policy evaluation is already in progress for your current session.

I have an access policy to provide single sign-on amongst a set of Windows (NTLM) authenticated web sites. I have set up a 'Logout URI Include' in the 'Configurations' of the Access Profile. For the most part logging in and out works quite well.



Occasionally however logging out throws up some problems. The following events usually do it:



- URI it takes longer than the timeout value to display the page, then browse to another page.


- Stay on the logout page for a long time then try and visit the site again.


- During the logout timeout period start hitting other pages on the site.



The following message is displayed by the APM. It's not terribly friendly, but clicking on the link will let you log in again but will create unnecessary APM sessions:



Access policy evaluation is already in progress for your current session.


You may see this message, if you are using a different browser tab than the one where you started the access policy initially. Please continue to finish your access policy in the previous browser tab, and close this current window immediately.



If you have reached to this message due to some other error, click here for creating a new session.



Has anyone got any suggestion on why this is happening, where I can find more info on problems with APM sessions and logging out or how to avoid this problem.








4 Replies

  • The already in progress error page, for the most part, is triggered when you attempt to access a non-APM URI:

    1. During the access policy evaluation, and
    2. With a URI that doesn't match the original URI - stored in the session.server.landinguri session variable.

    Not sure if this will help you, but the following should ensure that a non-APM/non-original URI does not trigger the in progress error:

    when HTTP_REQUEST {
        if { ( [HTTP::cookie exists MRHSession] ) and not ( [ACCESS::session exists -state_allow [HTTP::cookie value MRHSession]] ) } {
            if { ( [HTTP::uri] ne [ACCESS::session data get session.server.landinguri] ) and not ( [ACCESS::session data get session.server.landinguri] eq "" ) } {
                HTTP::redirect [ACCESS::session data get session.server.landinguri]

    The idea is this. If an HTTP request comes in that:

    1. Has the MRHSession cookie
    2. Has an access policy that is not completed, and
    3. The request URI does not match the landinguri variable

    redirect back to the landinguri URI.

  • Darryl,



    Did you ever get this figured out? I've got the same message showing up after implementing my APM policy for SSO.





  • Any luck with this error message ? i get it when i hit the root path and then try to change uri without log in. I ideally expect it to get back to login screen