Skip to Content

invalidate portal session if user close browser

Hi,

is there a solution for the old problem, that if the user doesn't use the log off button and close the entire browser tab or window?

The session ist already valid and another user on the same computer is able to access sensitive data.

br Patrick

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

2 Answers

  • Apr 19 at 07:08 PM

    It is hard to answer once we don't have your Component info. However, see the notes below: ##1717945 Portal Logoff Does Not Logoff the Backend When Using HTTP Security Session Management There is also many patches to deal with this issue.

    Regards.

    Fabio Sarmento

    Add comment
    10|10000 characters needed characters exceeded

  • May 01 at 02:34 AM

    Hi Patrick,

    Note ##1717945 Portal Logoff Does Not Logoff the Backend When Using HTTP Security Session Management is the right solution for your concern. From certain perspective that, to close browser window to invalidate the session would be not correct way to do so as session sometimes will not be terminated as expected which affected by SRA(Session release agent).

    Regards,
    Herman

    Add comment
    10|10000 characters needed characters exceeded

    • The problem is, the user doesn't use the logoff functionality. This worked very well. The user closed the browser tab without logoff. Then we have to wait for the session timeout. But in this time, another user is able to use this session on this computer.