Skip to Content
0

invalidate portal session if user close browser

Apr 18 at 07:48 PM

73

avatar image

Hi,

is there a solution for the old problem, that if the user doesn't use the log off button and close the entire browser tab or window?

The session ist already valid and another user on the same computer is able to access sensitive data.

br Patrick

10 |10000 characters needed characters left characters exceeded
* Please Login or Register to Answer, Follow or Comment.

2 Answers

Fabio Sarmento
Apr 19 at 07:08 PM
0

It is hard to answer once we don't have your Component info. However, see the notes below: ##1717945 Portal Logoff Does Not Logoff the Backend When Using HTTP Security Session Management There is also many patches to deal with this issue.

Regards.

Fabio Sarmento

Share
10 |10000 characters needed characters left characters exceeded
Herman Lin
May 01 at 02:34 AM
0

Hi Patrick,

Note ##1717945 Portal Logoff Does Not Logoff the Backend When Using HTTP Security Session Management is the right solution for your concern. From certain perspective that, to close browser window to invalidate the session would be not correct way to do so as session sometimes will not be terminated as expected which affected by SRA(Session release agent).

Regards,
Herman

Show 3 Share
10 |10000 characters needed characters left characters exceeded

The logoff button work very well, but not every user use this button. That is a security issue. Another user is able to open another tab and use the session again.

0

Hi Patrick,

Please follow Note 1660720 - Session remains open after the logoff on enterprise portal (troubleshooting using httpwatch). To attach trace here , we will be able to see if SRA will work fine or not upon closing the browser window.

Regards,
Herman

0

The problem is, the user doesn't use the logoff functionality. This worked very well. The user closed the browser tab without logoff. Then we have to wait for the session timeout. But in this time, another user is able to use this session on this computer.

0