• State Not Answered
  • +2 person also asked this people also asked this
  • Locked Locked
  • Replies 4 replies
  • Subscribers 64 subscribers
  • Views 4616 views
  • Users 0 members are here
Options
Related
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

ARS 7.2 Logout

KenRob57
over 6 years ago

We just upgraded to 7.2 up and running now on new 2012R2 servers.  However, the Logout option, although it appears to logout the user, the user can get right back in without providing credentials again unless the browser is closed.  We are configured for smart cards for our accounts and all is working well except for this.  Is there anything we can configure to get a better result of clicking Logout so we don't have to also close our browser or clear the SSL?  This is happening on Chrome, Internet Explorer, and Firefox.

  • 0 over 6 years ago
    Has anyone had this question answered yet?
    Lu
  • 0 over 6 years ago
    If Windows Authentication is enabled, I would fully expect the behaviour that you describe in Internet Explorer. The logout does destroy the session token, but Internet Explorer just gets another one as needed and seamlessly continues, as designed.

    This should not be happening on Chrome and Firefox, and I cannot reproduce that behaviour.
  • 0 over 6 years ago
    I'm not sure if it will help in this situation but I always tell customers to configure IE's Authentication security setting to "Prompt for username and password".

    I know that some people don't like this because it can mess up SSO for other apps but I believe it will force you to logon everytime in Active Roles.
  • 0 over 6 years ago
    Yeah I would rather not force the Prompt for username and password due to the SSO for the ARWebSelfService site for our regular users to access under their regular login.