ObSSOCookie May Not Be Destroyed Properly
Last updated on SEPTEMBER 21, 2016
Applies to:COREid Access - Version: 7.0.4 to 10.1.4
Information in this document applies to any platform.
User may face the following behavior:
1. User1 Logs into an application and the applicaiton displays his profile based on the AuthZ headers.
2. User1 logs out and kills all session cookies but does NOT close the browser.
3. User2 logs in, but still sees the same headers as for User1 even though the ObSSOCookie and the
session cookie are new.
The workaround is to close the browser after a user logout and only then do the headers get wiped clean.
How to avoid this behavior?
Sign In with your My Oracle Support account
Don't have a My Oracle Support account? Click to get started
My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms