Delete all cookies for one particular cookie domain (other than the SMSession cookie) when the SiteMinder session has logged out.

book

Article ID: 52999

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On

Issue/Introduction

Description:

Need a way to delete cookies from all applications if a SiteMinder user logs out of their SiteMinder session. For example, if a user has a SiteMinder session in the cookie domain domain.com and the user logs off, we would like all other application cookies (i.e., Jboss, WebSphere) in domain.com to be deleted.

Solution:

SiteMinder has no way of invalidating all cookies from a certain cookie domain when the user logs off. The work around for this is to use something like a jsp or asp page to invalidate the cookies. You must know the names of all the cookies you want to invalidate.

Environment

Release:
Component: SMAPC