I have two applications abc.com and def.xyz.com both are configured with sso using cookie provider (R12.52), such that user first login to abc.com (first tab) and click a link to def.xyz.com which will be opened in a second tab.
As the cookies are set per browser process, just closing the tab won't removethe cookie for def.xyz.com. This is by browser design. To explicitly ask thebrowser to remove the cookie, you need to set logoffuri ACO parameter. The userneeds to click on a specific link to logoff that cookie in def.xyz.com beforeclosing the tab.
Or as you mentionned :
"[...] and click a link to def.xyz.com which will be opened in a second tab."
you might consider to open the site in a new browser window instead of a tab. Sowhen the user will close the Windows, it will lost the cookie for "def.xyz.com".
Or find for the browser a tool capable to do this. To illustrate, for firefox, itseems there are such an add-on :
I hope this helps,
When user closes second tab it has to clear session corresponds to only def.xyz.com but keeping first tab abc.com session active. Is there a way to achieve it?
R: Browser will only display the cookie that correspond to the domain that you access. This means in first tab (abc.com), you will only see the cookie set for that domain. After you close the second tab, you will still able to see the cookie for second tab (def.xyz.com) if you navigate to the domain.
You might try to delete cookie via java script but that might affect first tab cookie