Former Member
Dec 17, 2009 at 08:11 PM

Cookies Problem with 3 tiered SSO


The issue:

We have a SiteMinder protected site that engages SAP. Running SiteMinder Web Agent 6QMR5-HF18 and CA/SiteMinder Session Linker on the Web Server, and CA/SiteMinder WebAS ERP Agent on the SAP Web Dispatcher/WebAS service. Once the sessions are established we have the following Cookies/Sessions defined.

JSESSION, SMSESSION, MYSAPSSO2, SMIDENTITY

Upon Logout, the SiteMinder WebAgent expires the SMSESSION (so that next access requires Login). However, the MYSAPSSO2 session is not being cleared, and subsequent different users are picking up the prior user session. Note that if the browser is closed completely, the MYSAPSSO2 cookie is then invalidated.

Question: What is required to clear or invalidate the MYSAPSSO2 cookie (without forcing the user to close the browser)?
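
A way to check the symptom described above, as an added example that is not part of the original post: replay the `Set-Cookie` headers from the login and logout responses into a small cookie jar and list which of the four cookies named in the post are still present after logout. A browser drops a cookie only when it receives an expired `Set-Cookie` with the same name, domain and path, so the check compares scope as well as name. The host name, cookie values and header lines are constructed sample data.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Cookie names listed in the post.
SESSION_COOKIES = ("JSESSION", "SMSESSION", "MYSAPSSO2", "SMIDENTITY")

def parse_set_cookie(header, host, now):
    """Return (name, (domain, path), expired) for one Set-Cookie value."""
    first, *rest = [p.strip() for p in header.split(";")]
    name = first.partition("=")[0].strip()
    attrs = {}
    for part in rest:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    if "max-age" in attrs:            # Max-Age takes precedence over Expires
        expired = int(attrs["max-age"]) <= 0
    elif "expires" in attrs:
        expired = parsedate_to_datetime(attrs["expires"]) <= now
    else:
        expired = False               # session cookie: lives until the browser closes
    # Simplification: a missing Path is treated as "/" instead of the request path.
    domain = attrs.get("domain", host).lstrip(".").lower()
    return name, (domain, attrs.get("path", "/")), expired

def surviving_cookies(login_headers, logout_headers, host, now=None):
    """Replay both responses into a jar; return session cookies left after logout."""
    now = now or datetime.now(timezone.utc)
    jar = set()
    for header in [*login_headers, *logout_headers]:
        name, scope, expired = parse_set_cookie(header, host, now)
        if expired:
            jar.discard((name, scope))   # removes only the same name + domain + path
        else:
            jar.add((name, scope))
    return sorted({n for n, _ in jar if n in SESSION_COOKIES})

# Constructed sample headers (not captured from a real system).
HOST = "portal.example.com"
PAST = "Thu, 01 Jan 1970 00:00:00 GMT"
LOGIN = [
    "JSESSION=a1; Path=/",
    "SMSESSION=b2; Domain=.example.com; Path=/",
    "MYSAPSSO2=c3; Domain=.example.com; Path=/",
    "SMIDENTITY=d4; Domain=.example.com; Path=/",
]
LOGOUT = [f"SMSESSION=x; Domain=.example.com; Path=/; Expires={PAST}"]

if __name__ == "__main__":
    print(surviving_cookies(LOGIN, LOGOUT, HOST))
```

Feeding it the real headers from a browser's network trace of the login and logout requests shows whether any response on the logout path expires MYSAPSSO2 with the scope it was issued under.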