Persistent session not getting deleted
Article ID: 101569
Updated On:
Products
CA Single Sign On Secure Proxy Server (SiteMinder)
AXIOMATICS POLICY SERVER
CA Single Sign On SOA Security Manager (SiteMinder)
CA Single Sign-On
Issue/Introduction
Scenario 1:
1) User will log into Session 1
2) User will click the accept button for security pop up on session 1
3) User logs into Session 2
4) User does NOT click accept button on security pop up on session 2
5) User then goes to Session 1 and clicks the log out link
6) Users session will NOT be removed the SessionStore (but a Cookie SMSESSION=LOGGEDOFF will be set )
Scenario 2:
1) User will log into Session 1
2) User will click the accept button for security pop up on session 1
3) User logs into Session 2
4) User does click accept button on security pop up on session 2
5) User then goes to Session 1 and clicks the log out link
6) User will be logged out of their session on the SessionStore
1) User will log into Session 1
2) User will click the accept button for security pop up on session 1
3) User logs into Session 2
4) User does NOT click accept button on security pop up on session 2
5) User then goes to Session 1 and clicks the log out link
6) Users session will NOT be removed the SessionStore (but a Cookie SMSESSION=LOGGEDOFF will be set )
Scenario 2:
1) User will log into Session 1
2) User will click the accept button for security pop up on session 1
3) User logs into Session 2
4) User does click accept button on security pop up on session 2
5) User then goes to Session 1 and clicks the log out link
6) User will be logged out of their session on the SessionStore
Cause
Application was controlling the access of the logout URL and sessions, preventing them from being removed.
Environment
Release:
Component: SMAPC
Component: SMAPC
Resolution
Custom application was preventing the session from being deleted from session store as it was controlling the users sessions.
Feedback
Yes
No
Powered by
