My Oracle Support Banner

OAM Logout Fails to Invalidate Session in Multi Data Center Environment After Session is Migrated (Doc ID 2724051.1)

Last updated on NOVEMBER 03, 2020

Applies to:

Oracle Access Manager - Version and later
Information in this document applies to any platform.


When attempting to logout in an MDC environment, the logout appears to succeed, however on accessing a protected resource the user session is reestablished, and the user is able to access resources without reauthenticating. 

There was a very specific use pattern for this case:

1.  User accesses protected resource in data center A (there was only a single webgate involved, which was in data center A)

2.  The OAM managed server was shut down in data center A

3.  The user refreshes the resource/accesses another resource on the same webgate (to affect a migration from data center A to data center B)

4.  The user logs out of OAM using the /oam/server/logout URL on the OAM managed server

5.  The user then accesses the original resource again, and is granted access without having to reauthenticate


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.