Forum Discussion
Micah_Haarbrink
Jan 10, 2014, Nimbostratus
SAML Cookie Persistence after browser/system restart and across service providers
I am fairly new to the F5 world and in the beginning of setting up our LTM's as SAML IdP's for a variety of services. Our first use-case is Jive, which we have working and all the attributes are pul...
Rabbit23_116296
Feb 05, 2014, Nimbostratus
That's exactly what I have been trying to achieve. So under SSO auth settings which options do you use to set the cookie? Secure and persistent tick boxes? And then you just bind the iRule to the virtual server?
Sorry for all the questions. Been trying to get this to work.
- Micah_Haarbrink, Feb 05, 2014, Nimbostratus
  Yep, I check both of those. I set the domain cookie as the parent domain (I have multiple Access Profiles sharing that cookie). I also set the Maximum Session Timeout to match the number of seconds in the iRule. The contractor I was working with suggested matching those, but I'm not sure if it's technically a requirement. We had a hard date to go live so I've been dealing with go-live issues and haven't been able to test and break additional policies to verify the bits and pieces that matter most. So essentially I have:
  Virtual Server A
    Access Policy A
      Maximum Session Timeout (set to X seconds)
      SSO/Auth Domain Cookie set to parentdomain.com
      Secure checked
      Persistent checked
    Persistent iRule (set to X seconds)
  Virtual Server B
    Persistent iRule (set to X seconds)
    Access Policy B
      Maximum Session Timeout (set to X seconds)
      SSO/Auth Domain Cookie set to parentdomain.com
      Secure checked
      Persistent checked
- Micah_Haarbrink, Feb 05, 2014, Nimbostratus
  Oh, and Access Policy A is set up for SPs that require lots of attributes to populate profiles. Access Policy B is set up with just authentication but no additional queries. Then I have an IdP for one of our SPs that needs all that info for profiles and another IdP that just uses email for the assertion, and I have a few SPs using that. That way I don't need individual IdPs, Access Policies and Virtual Servers for each SSO buddy.
- Micah_Haarbrink, Feb 05, 2014, Nimbostratus
  Comment formatting on here is awful. Sorry for the replies and deleting/adding the comments.