SSO SMSESSION is not killed when user browser is closed
search cancel

SSO SMSESSION is not killed when user browser is closed

book

Article ID: 270503

calendar_today

Updated On:

Products

SITEMINDER CA Single Sign On Agents (SiteMinder) CA Single Sign On Federation (SiteMinder) CA Single Sign On Secure Proxy Server (SiteMinder)

Issue/Introduction

Users are logged into application user SMSESSION created successfully. When user closes the browser without doing logout and then opens new browser, users are able to login to application and without challenging the login page.

Siteminder is setting only transient cookies in this environment; persistent cookies have never been used.

We would like to know how to kill the session when browser session is closed.

Environment

Release : 12.8.04

Cause

The browser is for some reason not dropping the transient cookie upon exit.  Most likely the browser executable is continuing to run in the background, possibly in support of unrelated applications.  Since transient cookies live only in memory, they cannot remain in the browser once the browser executable effectively exits.

Resolution

Take the issue up with the browser vendor if it cannot be determined why the browser executable is not exiting.