Symantec Access Management

Hello, 

I have two applications abc.com and def.xyz.com both are configured with sso using cookie provider (R12.52), such that user first login to abc.com (first tab) and click a link to def.xyz.com which will be opened in a second tab. 

When user closes second tab it has to clear session corresponds to only def.xyz.com but keeping first tab abc.com session active. Is there a way to achieve it using javascript?

Thank you, 

Raja Shravan

Hi Raja,

As the cookies are set per browser process, just closing the tab won't remove
the cookie for def.xyz.com. This is by browser design. To explicitly ask the
browser to remove the cookie, you need to set logoffuri ACO parameter. The user
needs to click on a specific link to logoff that cookie in def.xyz.com before
closing the tab.

Or as you mentionned :

"[...] and click a link to def.xyz.com which will be opened in a second tab."

you might consider to open the site in a new browser window instead of a tab. So
when the user will close the Windows, it will lost the cookie for "def.xyz.com".

Or find for the browser a tool capable to do this. To illustrate, for firefox, it
seems there are such an add-on :

http://www.addictivetips.com/web/set-firefox-to-auto-delete-site-cookies-on-closing-tabs-or-browser/

I hope this helps,

Best Regards,
Patrick

Hi Raja,

Your question:

When user closes second tab it has to clear session corresponds to only def.xyz.com but keeping first tab abc.com session active. Is there a way to achieve it?

R: Browser will only display the cookie that correspond to the domain that you access. This means in first tab (abc.com), you will only see the cookie set for that domain. After you close the second tab, you will still able to see the cookie for second tab (def.xyz.com) if you navigate to the domain.

You might try to delete cookie via java script but that might affect first tab cookie

http://stackoverflow.com/questions/9158042/how-to-delete-jquery-cookie-on-tab-close

Regards,

Kar Meng