
Session Remains Active After Logout (Doc ID 2405357.1)

Last updated on MAY 30, 2018

Applies to:

Oracle Financial Services Revenue Management and Billing - Version 2.4.0.1.0 and later
Information in this document applies to any platform.

Goal

A user's session does not expire after the user clicks the Logout button. By sending a GET request with a previous SESSIONID, the previously active session can be resumed. The process is detailed below:

1. User records the value of SESSIONID.
2. User logs out.
3. User sends the following GET request with the recorded SESSIONID:
   [Image: HTTP GET request]
4. User is returned to the following page:
   [Image: logged-in page]

This finding can also be tested by hitting Backspace after clicking Logout. If the post-authentication pages can be accessed and navigated to, the session has not been terminated.
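The replay check from the steps above, written as a repeatable test. This is an added example, not Oracle's code: it runs against a constructed in-memory model that shows one way the symptom can arise (logout that clears only the browser cookie), not the product's actual logic. SessionStore, the /home path and the user name are hypothetical; only the SESSIONID cookie name comes from this document.

```python
import secrets


class SessionStore:
    """Toy server-side session table (constructed for this example)."""

    def __init__(self, invalidate_on_logout):
        self.invalidate_on_logout = invalidate_on_logout
        self.sessions = {}  # session id -> user name

    def login(self, user):
        sid = secrets.token_hex(16)
        self.sessions[sid] = user
        return sid

    def logout(self, sid):
        # Weak variant: the response only tells the browser to drop the
        # cookie; the server-side record stays live and can be replayed.
        if self.invalidate_on_logout:
            self.sessions.pop(sid, None)
        return {"Set-Cookie": "SESSIONID=; Max-Age=0"}

    def get(self, path, sid):
        """Return (status, body) for a GET that carries SESSIONID=sid."""
        user = self.sessions.get(sid)
        if user is None:
            return 302, "/login"  # unknown session: redirect to login
        return 200, f"{path} for {user}"


def session_survives_logout(app):
    """Record SESSIONID, log out, replay it; True means the finding reproduces."""
    recorded = app.login("alice")
    assert app.get("/home", recorded)[0] == 200  # session works before logout
    app.logout(recorded)
    status, _ = app.get("/home", recorded)  # replay the recorded id
    return status == 200


if __name__ == "__main__":
    for label, fixed in (("cookie cleared only", False),
                         ("server-side invalidation", True)):
        survives = session_survives_logout(SessionStore(fixed))
        print(f"{label}: session survives logout = {survives}")
```

Against a real deployment the same three steps apply; the pass condition is that the replayed request no longer returns a post-authentication page.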
 

Solution

To view full details, sign in with your My Oracle Support account.
