My Oracle Support Banner

ObSSOCookie May Not Be Destroyed Properly (Doc ID 551096.1)

Last updated on SEPTEMBER 21, 2016

Applies to:

COREid Access - Version: 7.0.4 to 10.1.4
Information in this document applies to any platform.


User may face the following behavior:

1. User1 Logs into an application and the applicaiton displays his profile based on the AuthZ headers.
2. User1 logs out and kills all session cookies but does NOT close the browser.
3. User2 logs in, but still sees the same headers as for User1 even though the ObSSOCookie and the
session cookie are new.

The workaround is to close the browser after a user logout and only then do the headers get wiped clean.

How to avoid this behavior?


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.