OAM 126.96.36.199: How To Revert To Pre BP03 Maximum Number of Sessions per User = 1 Behaviour?
Last updated on MARCH 08, 2017
Applies to:Oracle Access Manager - Version 188.8.131.52.0 and later
Information in this document applies to any platform.
With the initial release of Oracle Access Manager (OAM) 11g, if Maximum Number of Sessions per User was set to 1 in the OAM Console -> System Configuration -> Common Settings page, this caused the user to be unable to re-access an OAM-protected site if they closed the browser before performing OAM SSO logout. This was because the user's session was not removed cleanly unless SSO logout was performed, it remained active in the OAM session store although the browser window was closed and the OAM session cookies were deleted on the client. Since only 1 session per user was permitted by the OAM configuration, that user could not access any OAM-protected site again until the previous session expired on the OAM server or an OAM Administrator manually removed the session.
Reference: Closing a Browser by Mistake Prevents Users to Log On Again if Maximum Number of Sessions per User is Set to 1 Until the User Session Expires (Doc ID 1483275.1)
Since this caused problems for OAM users and administrators alike, 184.108.40.206 Bundle Patch 03 (BP03) i.e. 220.127.116.11.3 introduced a fix that allowed users who had closed the browser window by mistake instead of logging out to login again, this should automatically terminate the previous user session in the OAM Session Store.
How to restore the original pre-BP03 behaviour so that when Maximum Number of Sessions per User is set to 1 only one session is permitted and any second login attempt will be denied until the first session is removed or expired? Even if the user closes the browser by accident.
Sign In with your My Oracle Support account
Don't have a My Oracle Support account? Click to get started
My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms