ObSSOCookie May Not Be Destroyed Properly (Doc ID 551096.1)

Last updated on SEPTEMBER 21, 2016

Applies to:

COREid Access - Version: 7.0.4 to 10.1.4
Information in this document applies to any platform.

Goal

User may face the following behavior:


1. User1 Logs into an application and the applicaiton displays his profile based on the AuthZ headers.
2. User1 logs out and kills all session cookies but does NOT close the browser.
3. User2 logs in, but still sees the same headers as for User1 even though the ObSSOCookie and the
session cookie are new.

The workaround is to close the browser after a user logout and only then do the headers get wiped clean.

How to avoid this behavior?

Solution

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms