Persistent session not getting deleted

book

Article ID: 101569

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) AXIOMATICS POLICY SERVER CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On

Issue/Introduction

Scenario 1: 

1) User will log into Session 1 
2) User will click the accept button for security pop up on session 1 
3) User logs into Session 2 
4) User does NOT click accept button on security pop up on session 2 
5) User then goes to Session 1 and clicks the log out link 
6) Users session will NOT be removed the SessionStore (but a Cookie SMSESSION=LOGGEDOFF will be set ) 

Scenario 2: 

1) User will log into Session 1 
2) User will click the accept button for security pop up on session 1 
3) User logs into Session 2 
4) User does click accept button on security pop up on session 2 
5) User then goes to Session 1 and clicks the log out link 
6) User will be logged out of their session on the SessionStore 

Cause

Application was controlling the access of the logout URL and sessions, preventing them from being removed.

Environment

Release:
Component: SMAPC

Resolution

Custom application was preventing the session from being deleted from session store as it was controlling the users sessions.