Mobile Clients: OAM Session Is Reused After New User Authentication (no Explicit Logout)
Last updated on JUNE 29, 2017
Applies to: Oracle Mobile and Social - Version 220.127.116.11.0 and later
Information in this document applies to any platform.
In native mobile applications using the OMS IDMMobileSDK, an OAM session from the first user is being reused after a second user authenticates on the same device and no explicit logout was issued prior to this second authentication.
The desired behavior is for the first user's OAM session to be discarded once the second user authenticates. A new OAM session should be created for this second user.
This problem is only observed for Android clients.
We have an HTTP capture that shows that the 2nd authentication results in a new OAM_ID cookie, but the OAMAuthnCookie value is the same. Presumably, if this was working correctly, the OAMAuthnCookie would be different for a different user.
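A check for the symptom described above, run over the Set-Cookie headers of successive login responses. This is an added example, not part of the Oracle document: only the cookie names OAM_ID and OAMAuthnCookie come from the article, while the user names, cookie values and capture layout are constructed.

```python
from http.cookies import SimpleCookie

# Cookie names from the article.
WATCHED = ("OAM_ID", "OAMAuthnCookie")

# Constructed capture: (authenticated user, Set-Cookie values of the login response).
CAPTURE = [
    ("alice", ["OAM_ID=idAAAA1111; Path=/; HttpOnly",
               "OAMAuthnCookie=authnXXXX9999; Path=/; HttpOnly"]),
    ("bob",   ["OAM_ID=idBBBB2222; Path=/; HttpOnly",
               "OAMAuthnCookie=authnXXXX9999; Path=/; HttpOnly"]),
]


def watched_cookies(set_cookie_values):
    """Return {name: value} for the watched cookies set by one response."""
    found = {}
    for header in set_cookie_values:
        jar = SimpleCookie()
        jar.load(header)
        for name, morsel in jar.items():
            if name in WATCHED:
                found[name] = morsel.value
    return found


def find_reused_cookies(capture):
    """List (cookie, first_user, second_user) where the client still holds the
    first user's cookie value after a different user has authenticated."""
    findings = []
    prev_user, held = None, {}
    for user, headers in capture:
        # Cookies not re-issued by this response stay in the client's jar.
        now_held = {**held, **watched_cookies(headers)}
        if prev_user is not None and user != prev_user:
            for name in WATCHED:
                if name in held and now_held[name] == held[name]:
                    findings.append((name, prev_user, user))
        prev_user, held = user, now_held
    return findings


if __name__ == "__main__":
    for name, first, second in find_reused_cookies(CAPTURE):
        print(f"{name}: value held for {first} is still in use after {second} logged in")
```

The same function also flags the case where the second login response does not set the cookie at all, since the client would then keep sending the first user's value.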