With Maximum Number Of Sessions Per User Restricted to 1, When User Logs In From Different Location the Old Session is not Expired / Removed (Doc ID 1575083.1)

Last updated on MARCH 08, 2017

Applies to:

Oracle Access Manager - Version 11.1.1.5.0 and later
Information in this document applies to any platform.

Symptoms

As of Oracle Access Manager (OAM) release 11.1.1.5.3 (BP03), if OAM has Maximum Number of Sessions per User set to 1 and the user accidentally closes their browser instead of performing OAM SSO logout, the user will be able to log in again in a new browser session and the previous session will be automatically terminated.

However, when this situation occurs, a search in the OAM Console -> System Configuration -> Session Management page for that User ID returns two sessions: the previous session has not been expired / removed.

Changes

With the initial release of Oracle Access Manager (OAM) 11g, if Maximum Number of Sessions per User was set to 1 in the OAM Console -> System Configuration -> Common Settings page, this caused the user to be unable to access OAM if they closed the browser before performing OAM SSO logout. This was because the user's session was not removed cleanly unless SSO logout was performed: it remained active in the OAM session store although the browser window was closed and the OAM session cookies were deleted on the client. Since only 1 session per user was permitted by the OAM configuration, that user could not access any OAM-protected site again until the previous session expired on the OAM server or an OAM Administrator manually removed the session.

Reference: Closing a Browser by Mistake Prevents Users to Log On Again if Maximum Number of Sessions per User is Set to 1 Until the User Session Expires (Doc ID 1483275.1)

Since this caused problems for OAM users and administrators alike, 11.1.1.5 Bundle Patch 03 (BP03), i.e. 11.1.1.5.3, introduced a fix that allowed users who had closed the browser window by mistake instead of logging out to log in again; this should automatically terminate the previous user session in the OAM Session Store.

Cause
