SSO SMSESSION is not killed when user browser is closed
search cancel

SSO SMSESSION is not killed when user browser is closed


Article ID: 270503


Updated On:


SITEMINDER CA Single Sign On Agents (SiteMinder) CA Single Sign On Federation (SiteMinder) CA Single Sign On Secure Proxy Server (SiteMinder)


Users are logged into application user SMSESSION created successfully. When user closes the browser without doing logout and then opens new browser, users are able to login to application and without challenging the login page.

Siteminder is setting only transient cookies in this environment; persistent cookies have never been used.

We would like to know how to kill the session when browser session is closed.


Release : 12.8.04


The browser is for some reason not dropping the transient cookie upon exit.  Most likely the browser executable is continuing to run in the background, possibly in support of unrelated applications.  Since transient cookies live only in memory, they cannot remain in the browser once the browser executable effectively exits.


Take the issue up with the browser vendor if it cannot be determined why the browser executable is not exiting.