Regarding to the spec on openid-connect-session-1_0-15.html, The session_state = CryptoJS.SHA256(client_id + ' ' + e.origin + ' ' + opbs + [' ' + salt]) [+ "." + salt] where opbs is browser state. Besides, opbs' type is unclear, I am not sure if it is a random string or not.
Ortherwise, regarding to the "session management memo" on https://bitbucket.org/openid/connect/wiki/session%20management%20memo, the session_state = sha256(client_id + origin + idp_session_state + salt) + "." + salt. where obps above is replaced with "idp_session_state" and its value is defined as 1 of 3 values only.
Could you please make it clear?