Session is validated for up to 2 minutes after logout

Article ID: 387229


Products

SITEMINDER
CA Single Sign On Agents (SiteMinder)
CA Single Sign On Federation (SiteMinder)
CA Single Sign On Secure Proxy Server (SiteMinder)

Issue/Introduction

After implementing a session store and persistent sessions, there is one application that allows session cookie replay after the session is logged out.

Environment

ALL

Cause

The application in question was using a custom agent. The custom agent was caching sessions and validating them out of its cache.

Resolution

Be cautious when using a cache for session validation or authorization. Make sure any session cache lifetime is shorter than the configured validation period (the validation period is a SiteMinder realm property).
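
The following simulation is an added example, not code from this article or from the SiteMinder SDK. It shows how an agent-side cache keeps accepting a session cookie after logout, and how the cache lifetime bounds that window. The classes `SessionStore` and `CachingAgent`, the session ID, and the 120/30/60-second values are all hypothetical and constructed for illustration.

```python
# Added illustration: simulated session store and custom agent (no SiteMinder SDK calls).

class SessionStore:
    """Stand-in for the authoritative session store behind the policy server."""
    def __init__(self):
        self.active = set()
    def login(self, sid):
        self.active.add(sid)
    def logout(self, sid):
        self.active.discard(sid)
    def validate(self, sid):
        return sid in self.active

class CachingAgent:
    """Hypothetical custom agent that caches positive validations for cache_ttl seconds."""
    def __init__(self, store, cache_ttl, validation_period):
        self.store = store
        self.cache_ttl = cache_ttl
        self.validation_period = validation_period  # realm setting, in seconds
        self.cache = {}  # session id -> cache entry expiry time

    def config_ok(self):
        # The article's rule: cache lifetime shorter than the validation period.
        return self.cache_ttl < self.validation_period

    def is_valid(self, sid, now):
        expiry = self.cache.get(sid)
        if expiry is not None and now < expiry:
            return True  # answered from cache; the session store is never asked
        self.cache.pop(sid, None)
        if self.store.validate(sid):
            self.cache[sid] = now + self.cache_ttl
            return True
        return False

def replay_window(cache_ttl, validation_period, horizon=600):
    """Last second after logout at which the agent still accepts the old cookie."""
    store = SessionStore()
    agent = CachingAgent(store, cache_ttl, validation_period)
    sid = "sid-constructed"          # constructed sample session id
    store.login(sid)
    agent.is_valid(sid, now=0)       # legitimate request warms the cache at t=0
    store.logout(sid)                # logout happens elsewhere; the agent is not told
    accepted = 0
    for t in range(1, horizon):      # the same cookie is presented once per second
        if agent.is_valid(sid, now=t):
            accepted = t
    return accepted

if __name__ == "__main__":
    for ttl in (120, 30):
        agent = CachingAgent(SessionStore(), ttl, 60)
        print(ttl, agent.config_ok(), replay_window(ttl, 60))
```

A check like `config_ok()` at agent start-up turns the rule in the Resolution into a configuration test that fails before the agent serves traffic.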