My Oracle Support Banner

Session Remains Active After Logout (Doc ID 2405357.1)

Last updated on OCTOBER 09, 2020

Applies to:

Oracle Financial Services Revenue Management and Billing - Version and later
Information in this document applies to any platform.


A user's session is not expired after clicking on the logout button. By sending a GET request with a previous sessionid, the previously active session can be resumed. This process is detailed below: User records the value of SESSIONID. User logs out. User sends the following GET request with the recorded SESSIONID:
HTTP GET Request User is returned to the following page:
Image of Logged in Page
Also this finding can be tested by hitting backspace after clicking on Logout. If the post -authentication pages can be accessed and naviagted to, it indicates the session has not been terminated.


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.