Mobile Clients: OAM Session Is Reused After New User Authentication (no Explicit Logout)
(Doc ID 2280289.1)
Last updated on JUNE 29, 2017
Applies to: Oracle Mobile and Social - Version 184.108.40.206.0 and later
Information in this document applies to any platform.
In native mobile applications using the OMS IDMMobileSDK, the first user's OAM session is reused after a second user authenticates on the same device when no explicit logout was issued before the second authentication.
The desired behavior is for the first user's OAM session to be discarded once the second user authenticates. A new OAM session should be created for this second user.
This problem is only observed for Android clients.
We have an HTTP capture showing that the second authentication results in a new OAM_ID cookie, but the OAMAuthnCookie value is the same. Presumably, if this were working correctly, the OAMAuthnCookie would be different for a different user.
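The comparison described above can be automated. The following is an added example, not part of the Oracle document: it replays the Set-Cookie headers from a capture and flags any authentication after which the device still holds an OAMAuthnCookie value first seen for a different user. The capture records, user names and cookie values are constructed, and the function names are hypothetical.

```python
from http.cookies import SimpleCookie

# Constructed sample: Set-Cookie headers returned by each authentication on one
# device, in capture order. User names and cookie values are made up.
CAPTURE = [
    ("user1", ["OAM_ID=idA111; Path=/; HttpOnly",
               "OAMAuthnCookie=sessAAA; Path=/; HttpOnly"]),
    ("user2", ["OAM_ID=idB222; Path=/; HttpOnly",
               "OAMAuthnCookie=sessAAA; Path=/; HttpOnly"]),
]


def parse_set_cookies(headers):
    """Map cookie name -> value for a list of Set-Cookie header values."""
    jar = {}
    for header in headers:
        cookie = SimpleCookie()
        cookie.load(header)
        for name, morsel in cookie.items():
            jar[name] = morsel.value
    return jar


def find_session_reuse(capture, session_cookie="OAMAuthnCookie"):
    """Return (first_user, later_user, changed_cookies) for every authentication
    after which the device still holds a session cookie value first seen for a
    different user."""
    findings = []
    owner = {}   # session cookie value -> user it was first seen for
    store = {}   # device cookie store, carried across authentications
    for user, headers in capture:
        fresh = parse_set_cookies(headers)
        changed = sorted(n for n, v in fresh.items() if store.get(n) != v)
        store.update(fresh)  # a cookie the server did not reissue is kept
        value = store.get(session_cookie)
        if value is None:
            continue
        first = owner.setdefault(value, user)
        if first != user:
            findings.append((first, user, changed))
    return findings


if __name__ == "__main__":
    for first, later, changed in find_session_reuse(CAPTURE):
        print(f"{later} holds the {first} session cookie; changed: {changed}")
```

Because the cookie store is carried across authentications, the check also flags the case where the second response does not reissue the session cookie at all and the client keeps sending the old one.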