Hi Andy,
That login.html cookie is used to redirect users to whatever is set as 'originURI' after a user logs out or a session expires. This check is made every time a user hits index.html. Here is some more information on it: https://forum.mendix.com/link/questions/9231
This cookie should be automatically set by the SAML module itself. It is set in the SessionManager.java file to be equal to the /SSO/ value, so you don't need to set it in your index.html.
Thanks for the info Rob, that's now working as expected with the cookie script commented out.
While I have your attention could I ask you if it's possible to restrict access the index3.html page, we'd like all users to access via SSO only so don't want this page to offer a mendix login...
I tried using path based restriction on index3.html but that prevents the SSO working also.
Thanks!