Mobile Clients: OAM Session Is Reused After New User Authentication (no Explicit Logout) (Doc ID 2280289.1)

Last updated on JUNE 29, 2017

Applies to:

Oracle Mobile and Social - Version 11.1.2.3.0 and later
Information in this document applies to any platform.

Symptoms

In native mobile applications using the OMS IDMMobileSDK, the first user's OAM session is reused after a second user authenticates on the same device when no explicit logout was issued before the second authentication.


The desired behavior is for the first user's OAM session to be discarded once the second user authenticates. A new OAM session should be created for this second user.

This problem is only observed for Android clients.

We have an HTTP capture showing that the second authentication results in a new OAM_ID cookie, but the OAMAuthnCookie value is the same. Presumably, if this were working correctly, the OAMAuthnCookie would be different for a different user.
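The comparison made in that capture can be scripted so it is repeatable across test runs. The following is an added example, not Oracle's code: the capture data is constructed, and treating any cookie whose name begins with OAMAuthnCookie as the session cookie is an assumption.

```python
import hashlib
from http.cookies import SimpleCookie

# Constructed sample: cookie headers observed after each login on one device.
# Values are made up; only the cookie names come from the article.
CAPTURE = [
    {"user": "alice", "cookies": [
        "OAM_ID=id-aaa111; path=/; HttpOnly",
        "OAMAuthnCookie=tok-7f3c9e; path=/; HttpOnly",
    ]},
    {"user": "bob", "cookies": [
        "OAM_ID=id-bbb222; path=/; HttpOnly",
        "OAMAuthnCookie=tok-7f3c9e; path=/; HttpOnly",
    ]},
]

def fingerprint(value):
    """Short SHA-256 digest so raw session tokens never reach reports or logs."""
    return hashlib.sha256(value.encode()).hexdigest()[:12]

def session_cookies(headers):
    """Map each OAM cookie name found in the headers to its value fingerprint."""
    found = {}
    for header in headers:
        jar = SimpleCookie()
        jar.load(header)
        for name, morsel in jar.items():
            # Assumption: prefix match also covers suffixed OAMAuthnCookie names.
            if name == "OAM_ID" or name.startswith("OAMAuthnCookie"):
                found[name] = fingerprint(morsel.value)
    return found

def find_reuse(capture):
    """Return (previous_user, current_user, cookie) where a value survived a user change."""
    findings = []
    for prev, cur in zip(capture, capture[1:]):
        if prev["user"] == cur["user"]:
            continue  # same user logging in again; reuse is not the symptom
        before = session_cookies(prev["cookies"])
        after = session_cookies(cur["cookies"])
        for name in sorted(before.keys() & after.keys()):
            if before[name] == after[name]:
                findings.append((prev["user"], cur["user"], name))
    return findings

if __name__ == "__main__":
    for prev_user, cur_user, cookie in find_reuse(CAPTURE):
        print(f"{cookie} unchanged between {prev_user} and {cur_user}")
```

A cookie that is absent from either login is not reported, since the capture then gives no evidence either way.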

Cause
