
Invalidate portal session if user closes browser

former_member184680
Participant
0 Kudos

Hi,

Is there a solution for the old problem where the user doesn't use the log off button and closes the entire browser tab or window?

The session is already valid and another user on the same computer is able to access sensitive data.

br Patrick

Accepted Solutions (0)

Answers (2)

herman_lin
Participant
0 Kudos

Hi Patrick,

Note 1717945 "Portal Logoff Does Not Logoff the Backend When Using HTTP Security Session Management" is the right solution for your concern. From a certain perspective, closing the browser window to invalidate the session would not be the correct way to do so, as the session sometimes will not be terminated as expected, which is affected by the SRA (Session Release Agent).

Regards,
Herman

former_member184680
Participant
0 Kudos

The logoff button works very well, but not every user uses this button. That is a security issue. Another user is able to open another tab and use the session again.

herman_lin
Participant
0 Kudos

Hi Patrick,

Please follow Note 1660720 - Session remains open after the logoff on enterprise portal (troubleshooting using httpwatch). If you attach the trace here, we will be able to see if SRA will work fine or not upon closing the browser window.

Regards,
Herman

former_member184680
Participant
0 Kudos

The problem is, the user doesn't use the logoff functionality. This worked very well. The user closed the browser tab without logging off. Then we have to wait for the session timeout. But during this time, another user is able to use this session on this computer.

fabio_sarmento
Contributor
0 Kudos

It is hard to answer since we don't have your component info. However, see the notes below:

1717945 Portal Logoff Does Not Logoff the Backend When Using HTTP Security Session Management

There are also many patches to deal with this issue.

Regards.

Fabio Sarmento