Symantec Access Management

View Only

Back to discussions

Expand all | Collapse all

Session Still Valid After Logout Due to SAG Cache – How to Invalidate?

1. Session Still Valid After Logout Due to SAG Cache – How to Invalidate?

Recommend
P RAMARAO
Posted Mar 24, 2026 03:05 AM

Reply Reply Privately
Hello everyone,

I've encountered an issue related to session handling after user logout.

Even after logging out of the application, it appears possible to hijack or reuse the session. Upon reviewing the logs, I noticed that the session continues to be validated from the SAG server cache even after logout.

One possible workaround is to reduce the session validation period (e.g., to 1 second). However, this would significantly increase the load on both the Policy Server and the SAG Server and therefore is not recommended.

Is there a way to immediately invalidate or remove the session from the SAG server cache right after user logout? Any best practices or recommended approaches to handle this securely would be greatly appreciated.

Thank you in advance.

-------------------------------------------
2. RE: Session Still Valid After Logout Due to SAG Cache – How to Invalidate?

Recommend
Camil Huric
Posted Mar 26, 2026 10:53 AM

Reply Reply Privately
Hello P Ramarao,

If your session continue to be valid, basically you have not been logged out.
You have to invalidate SM Session to be logged out effectively.

Try to check Broadcom documentation.

regards

Camil
-------------------------------------------
3. RE: Session Still Valid After Logout Due to SAG Cache – How to Invalidate?

Recommend
P RAMARAO
Posted Mar 27, 2026 02:39 AM

Reply Reply Privately
Hi Camil,

Thank you for your response.

As mentioned earlier, we are still able to hijack or reuse the session even after logout. Upon further verification, we observed that the session continues to be validated from the SAG server cache.

We have confirmed that after logout:

The SM session is removed from the Policy Server

The session is cleared from the session store

The browser session is also invalidated

However, despite all of the above, the session is still being validated from the SAG server cache.

Could you please advise if there is a way to immediately invalidate or clear the session from the SAG server cache upon logout?

Thanks in advance for your guidance.

Best Regards,

Ramarao P
-------------------------------------------

Original Message
4. RE: Session Still Valid After Logout Due to SAG Cache – How to Invalidate?

Recommend
Camil Huric
Posted Mar 27, 2026 01:44 PM

Reply Reply Privately
Hi Ramarao

How did you logged out?

Are you used LogOffUri ACO parameter or Logout FCC form, according to Comprehensive Logout paragraph of the user manual?

regards

Camil

-------------------------------------------

Original Message
5. RE: Session Still Valid After Logout Due to SAG Cache – How to Invalidate?

Recommend
P RAMARAO
Posted Mar 30, 2026 08:40 AM

Reply Reply Privately
Hi Camil,

As part of the comprehensive logout configuration, we are using the LogOffUri ACO parameter. Please find the screenshot attached.

content of logout.html

<!DOCTYPE html>
<html>
<head>
<title>Logout Successful</title>
<meta http-equiv="Pragma" content="no-cache">
<meta http-equiv="Expires" content="-1">
<meta http-equiv="Cache-Control" content="no-cache, no-store, must-revalidate">
<style>body { font-family: Arial; text-align: center; padding: 50px; }</style>
</head>
<body>
<h2>You have been successfully logged out.</h2>
<p>Thank you for using our application.</p>
</body>
</html>

Additionally, the user is being authorized from the SAG cache while attempting to hijack the session using SMSESSION after logout. Please find the related SAG logs below

[][][][Start new request.]
[03/30/2026][17:36:09][2245566][140093847238400][CSmResourceManager.cpp:75][CSmResourceManager::ProcessResource][000000000000000000000000660aa8c0-2243be-69ca6731-23fff700-00b9795ce891][][][][][][Calling SM_WAF_HTTP_PLUGIN->ProcessResource.]
[03/30/2026][17:36:09][2245566][140093847238400][SmApache24WebFilterCtxt.cpp:1779][CSmApache24WebFilterCtxt::SetP3PCompactPolicy][][][][][][][sP3PCompactPolicy: '']
[03/30/2026][17:36:09][2245566][140093847238400][CSmHttpPlugin.cpp:597][CSmHttpPlugin::ProcessResource][000000000000000000000000660aa8c0-2243be-69ca6731-23fff700-00b9795ce891][][][][][][Resolved HTTP_HOST: 'kyn-siteminder-02.kyndleit.com'.]
[03/30/2026][17:36:09][2245566][140093847238400][CSmHttpPlugin.cpp:6338][Entered CSmHttpPlugin::ResolveFQServerName sHost: ][][][][][][][kyn-siteminder-02.kyndleit.com]
[03/30/2026][17:36:09][2245566][140093847238400][CSmHttpPlugin.cpp:687][CSmHttpPlugin::ProcessResource][000000000000000000000000660aa8c0-2243be-69ca6731-23fff700-00b9795ce891][][][][][][Resolved hostname: 'kyn-siteminder-02.kyndleit.com'.]
[03/30/2026][17:36:09][2245566][140093847238400][CSmHttpPlugin.cpp:706][CSmHttpPlugin::ProcessResource][000000000000000000000000660aa8c0-2243be-69ca6731-23fff700-00b9795ce891][][][][][][Resolved agentname: 'apache'.]
[03/30/2026][17:36:09][2245566][140093847238400][CSmHttpPlugin.cpp:6716][CSmHttpPlugin::ResolveClientIp][000000000000000000000000660aa8c0-2243be-69ca6731-23fff700-00b9795ce891][][][apache][][][Resolved Client IP address '192.168.10.53'.]
[03/30/2026][17:36:09][2245566][140093847238400][CSmHttpPlugin.cpp:888][CSmHttpPlugin::ProcessResource][000000000000000000000000660aa8c0-2243be-69ca6731-23fff700-00b9795ce891][192.168.10.53][][apache][][][Resolved URL: '/test2/test.html'.]
[03/30/2026][17:36:09][2245566][140093847238400][CSmHttpPlugin.cpp:1032][CSmHttpPlugin::ProcessResource][000000000000000000000000660aa8c0-2243be-69ca6731-23fff700-00b9795ce891][192.168.10.53][][apache][/test2/test.html][][Resolved METHOD: 'GET'.]
[03/30/2026][17:36:09][2245566][140093847238400][CSmHttpPlugin.cpp:1095][CSmHttpPlugin::ProcessResource][000000000000000000000000660aa8c0-2243be-69ca6731-23fff700-00b9795ce891][192.168.10.53][][apache][/test2/test.html][][Resolved cookie domain: '.kyndleit.com'.]
[03/30/2026][17:36:09][2245566][140093847238400][CSmResourceManager.cpp:112][CSmResourceManager::ProcessResource][000000000000000000000000660aa8c0-2243be-69ca6731-23fff700-00b9795ce891][192.168.10.53][][apache][/test2/test.html][][SM_WAF_HTTP_PLUGIN->ProcessResource returned SmSuccess.]
[03/30/2026][17:36:09][2245566][140093847238400][CSmSessionManager.cpp:82][CSmSessionManager::EstablishSession][000000000000000000000000660aa8c0-2243be-69ca6731-23fff700-00b9795ce891][192.168.10.53][][apache][/test2/test.html][][Calling SM_WAF_HTTP_PLUGIN->EstablishSession.]
[03/30/2026][17:36:09][2245566][140093847238400][CSmSessionManager.cpp:126][CSmSessionManager::EstablishSession][000000000000000000000000660aa8c0-2243be-69ca6731-23fff700-00b9795ce891][192.168.10.53][][apache][/test2/test.html][][SM_WAF_HTTP_PLUGIN->EstablishSession returned SmNoAction.]
[03/30/2026][17:36:09][2245566][140093847238400][CSmLowLevelAgent.cpp:548][IsResourceProtected][000000000000000000000000660aa8c0-2243be-69ca6731-23fff700-00b9795ce891][192.168.10.53][][apache][/test2/test.html][][Resource is protected from cache.]
[03/30/2026][17:36:09][2245566][140093847238400][CSmResponseManager.cpp:193][ProcessResponses][000000000000000000000000660aa8c0-2243be-69ca6731-23fff700-00b9795ce891][192.168.10.53][][apache][/test2/test.html][][Calling SM_WAF_HTTP_PLUGIN->ProcessResponses.]
[03/30/2026][17:36:09][2245566][140093847238400][CSmHttpPlugin.cpp:3551][CSmHttpPlugin::ProcessResponses][000000000000000000000000660aa8c0-2243be-69ca6731-23fff700-00b9795ce891][192.168.10.53][][apache][/test2/test.html][][Processing IsProtected responses.]
[03/30/2026][17:36:09][2245566][140093847238400][CSmResponseManager.cpp:231][ProcessResponses][000000000000000000000000660aa8c0-2243be-69ca6731-23fff700-00b9795ce891][192.168.10.53][][apache][/test2/test.html][][SM_WAF_HTTP_PLUGIN->ProcessResponses returned SmSuccess.]
[03/30/2026][17:36:09][2245566][140093847238400][CSmCredentialManager.cpp:132][CSmCredentialManager::GatherCredentials][000000000000000000000000660aa8c0-2243be-69ca6731-23fff700-00b9795ce891][192.168.10.53][][apache][/test2/test.html][][Calling SM_WAF_HTTP_PLUGIN->ProcessCredentials.]
[03/30/2026][17:36:09][2245566][140093847238400][SmPluginUtilities.cpp:171][DeleteCookie][000000000000000000000000660aa8c0-2243be-69ca6731-23fff700-00b9795ce891][192.168.10.53][][apache][/test2/test.html][][Deleted cookie 'SMCHALLENGE'.]
[03/30/2026][17:36:09][2245566][140093847238400][CSmHttpCredCore.cpp:630][CSmHttpCredCore::GatherBasicCredentials][000000000000000000000000660aa8c0-2243be-69ca6731-23fff700-00b9795ce891][192.168.10.53][][apache][/test2/test.html][][Decoded BASIC Context - User 'abcd']
[03/30/2026][17:36:09][2245566][140093847238400][CSmCredentialManager.cpp:169][CSmCredentialManager::GatherCredentials][000000000000000000000000660aa8c0-2243be-69ca6731-23fff700-00b9795ce891][192.168.10.53][][apache][/test2/test.html][][SM_WAF_HTTP_PLUGIN->ProcessCredentials returned SmSuccess.]
[03/30/2026][17:36:09][2245566][140093847238400][CSmLowLevelAgent.cpp:1548][AuthenticateUser][000000000000000000000000660aa8c0-2243be-69ca6731-23fff700-00b9795ce891][192.168.10.53][][apache][/test2/test.html][abcd][User 'abcd' is authenticated by Policy Server.]
[03/30/2026][17:36:09][2245566][140093847238400][CSmResponseManager.cpp:193][ProcessResponses][000000000000000000000000660aa8c0-2243be-69ca6731-23fff700-00b9795ce891][192.168.10.53][][apache][/test2/test.html][abcd][Calling SM_WAF_HTTP_PLUGIN->ProcessResponses.]
[03/30/2026][17:36:09][2245566][140093847238400][CSmHttpPlugin.cpp:3762][CSmHttpPlugin::ProcessResponses][000000000000000000000000660aa8c0-2243be-69ca6731-23fff700-00b9795ce891][192.168.10.53][][apache][/test2/test.html][abcd][Processing Authentication responses.]
[03/30/2026][17:36:09][2245566][140093847238400][CSmResponseManager.cpp:231][ProcessResponses][000000000000000000000000660aa8c0-2243be-69ca6731-23fff700-00b9795ce891][192.168.10.53][][apache][/test2/test.html][abcd][SM_WAF_HTTP_PLUGIN->ProcessResponses returned SmSuccess.]
[03/30/2026][17:36:09][2245566][140093847238400][CSmSessionManager.cpp:209][CSmSessionManager::CreateSession][000000000000000000000000660aa8c0-2243be-69ca6731-23fff700-00b9795ce891][192.168.10.53][][apache][/test2/test.html][abcd][Calling SM_WAF_HTTP_PLUGIN->CreateSession.]
[03/30/2026][17:36:09][2245566][140093847238400][CSmHttpPlugin.cpp:2139][CSmHttpPlugin::CreateSession][000000000000000000000000660aa8c0-2243be-69ca6731-23fff700-00b9795ce891][192.168.10.53][][apache][/test2/test.html][abcd][Generated SMSESSION cookie.]
[03/30/2026][17:36:09][2245566][140093847238400][CSmSessionManager.cpp:247][CSmSessionManager::CreateSession][000000000000000000000000660aa8c0-2243be-69ca6731-23fff700-00b9795ce891][192.168.10.53][][apache][/test2/test.html][abcd][SM_WAF_HTTP_PLUGIN->CreateSession returned SmSuccess.]
[03/30/2026][17:36:09][2245566][140093847238400][CSmLowLevelAgent.cpp:3466][AuthorizeUser][000000000000000000000000660aa8c0-2243be-69ca6731-23fff700-00b9795ce891][192.168.10.53][][apache][/test2/test.html][abcd][User 'cn=abcd,o=ustore,c=in' is authorized by Policy Server.]
[03/30/2026][17:36:09][2245566][140093847238400][CSmResponseManager.cpp:193][ProcessResponses][000000000000000000000000660aa8c0-2243be-69ca6731-23fff700-00b9795ce891][192.168.10.53][][apache][/test2/test.html][abcd][Calling SM_WAF_HTTP_PLUGIN->ProcessResponses.]
[03/30/2026][17:36:09][2245566][140093847238400][CSmHttpPlugin.cpp:4177][CSmHttpPlugin::ProcessResponses][000000000000000000000000660aa8c0-2243be-69ca6731-23fff700-00b9795ce891][192.168.10.53][][apache][/test2/test.html][abcd][Processing Authorization responses.]
[03/30/2026][17:36:09][2245566][140093847238400][CSmHttpPlugin.cpp:4184][CSmHttpPlugin::ProcessResponses][000000000000000000000000660aa8c0-2243be-69ca6731-23fff700-00b9795ce891][192.168.10.53][][apache][/test2/test.html][abcd][Removing HTTP cache request headers.]
[03/30/2026][17:36:09][2245566][140093847238400][CSmResponseManager.cpp:231][ProcessResponses][000000000000000000000000660aa8c0-2243be-69ca6731-23fff700-00b9795ce891][192.168.10.53][][apache][/test2/test.html][abcd][SM_WAF_HTTP_PLUGIN->ProcessResponses returned SmSuccess.]
[03/30/2026][17:36:09][2245566][140093847238400][CSmHighLevelAgent.cpp:825][ProcessRequest][000000000000000000000000660aa8c0-2243be-69ca6731-23fff700-00b9795ce891][192.168.10.53][][apache][/test2/test.html][abcd][AuthorizationManager returned SmYes, end new request.]
[03/30/2026][17:36:09][2245566][140093847238400][CSmHighLevelAgent.cpp:948][ProcessRequest][000000000000000000000000660aa8c0-2243be-69ca6731-23fff700-00b9795ce891][192.168.10.53][][apache][/test2/test.html][abcd][End new request.]
[03/30/2026][17:36:09][2245566][140093847238400][CSmLowLevelAgent.cpp:4325][ReportHealthData][][][][][][][Accumulating HealthMonitorCtxt.]
[03/30/2026][17:36:56][2715878][140093822060288][CSmHighLevelAgent.cpp:325][ProcessRequest][000000000000000000000000660aa8c0-2970e6-69ca6760-227fc700-6b9f6ccac57c][][][][][][Start new request.]
[03/30/2026][17:36:56][2715878][140093822060288][CSmResourceManager.cpp:75][CSmResourceManager::ProcessResource][000000000000000000000000660aa8c0-2970e6-69ca6760-227fc700-6b9f6ccac57c][][][][][][Calling SM_WAF_HTTP_PLUGIN->ProcessResource.]
[03/30/2026][17:36:56][2715878][140093822060288][SmApache24WebFilterCtxt.cpp:1779][CSmApache24WebFilterCtxt::SetP3PCompactPolicy][][][][][][][sP3PCompactPolicy: '']
[03/30/2026][17:36:56][2715878][140093822060288][CSmHttpPlugin.cpp:597][CSmHttpPlugin::ProcessResource][000000000000000000000000660aa8c0-2970e6-69ca6760-227fc700-6b9f6ccac57c][][][][][][Resolved HTTP_HOST: 'kyn-siteminder-02.kyndleit.com'.]
[03/30/2026][17:36:56][2715878][140093822060288][CSmHttpPlugin.cpp:6338][Entered CSmHttpPlugin::ResolveFQServerName sHost: ][][][][][][][kyn-siteminder-02.kyndleit.com]
[03/30/2026][17:36:56][2715878][140093822060288][CSmHttpPlugin.cpp:687][CSmHttpPlugin::ProcessResource][000000000000000000000000660aa8c0-2970e6-69ca6760-227fc700-6b9f6ccac57c][][][][][][Resolved hostname: 'kyn-siteminder-02.kyndleit.com'.]
[03/30/2026][17:36:56][2715878][140093822060288][CSmHttpPlugin.cpp:706][CSmHttpPlugin::ProcessResource][000000000000000000000000660aa8c0-2970e6-69ca6760-227fc700-6b9f6ccac57c][][][][][][Resolved agentname: 'apache'.]
[03/30/2026][17:36:56][2715878][140093822060288][CSmHttpPlugin.cpp:6716][CSmHttpPlugin::ResolveClientIp][000000000000000000000000660aa8c0-2970e6-69ca6760-227fc700-6b9f6ccac57c][][][apache][][][Resolved Client IP address '192.168.10.53'.]
[03/30/2026][17:36:56][2715878][140093822060288][CSmHttpPlugin.cpp:888][CSmHttpPlugin::ProcessResource][000000000000000000000000660aa8c0-2970e6-69ca6760-227fc700-6b9f6ccac57c][192.168.10.53][][apache][][][Resolved URL: '/logout/logout.html'.]
[03/30/2026][17:36:56][2715878][140093822060288][CSmHttpPlugin.cpp:997][CSmHttpPlugin::ProcessResource][000000000000000000000000660aa8c0-2970e6-69ca6760-227fc700-6b9f6ccac57c][192.168.10.53][][apache][/logout/logout.html][][LogoffURI request.]
[03/30/2026][17:36:56][2715878][140093822060288][CSmHttpPlugin.cpp:1005][CSmHttpPlugin::ProcessResource][000000000000000000000000660aa8c0-2970e6-69ca6760-227fc700-6b9f6ccac57c][192.168.10.53][][apache][/logout/logout.html][][Removing HTTP cache request headers.]
[03/30/2026][17:36:56][2715878][140093822060288][CSmHttpPlugin.cpp:1032][CSmHttpPlugin::ProcessResource][000000000000000000000000660aa8c0-2970e6-69ca6760-227fc700-6b9f6ccac57c][192.168.10.53][][apache][/logout/logout.html][][Resolved METHOD: 'GET'.]
[03/30/2026][17:36:56][2715878][140093822060288][CSmHttpPlugin.cpp:1095][CSmHttpPlugin::ProcessResource][000000000000000000000000660aa8c0-2970e6-69ca6760-227fc700-6b9f6ccac57c][192.168.10.53][][apache][/logout/logout.html][][Resolved cookie domain: '.kyndleit.com'.]
[03/30/2026][17:36:56][2715878][140093822060288][CSmResourceManager.cpp:112][CSmResourceManager::ProcessResource][000000000000000000000000660aa8c0-2970e6-69ca6760-227fc700-6b9f6ccac57c][192.168.10.53][][apache][/logout/logout.html][][SM_WAF_HTTP_PLUGIN->ProcessResource returned SmSuccess.]
[03/30/2026][17:36:56][2715878][140093822060288][CSmSessionManager.cpp:82][CSmSessionManager::EstablishSession][000000000000000000000000660aa8c0-2970e6-69ca6760-227fc700-6b9f6ccac57c][192.168.10.53][][apache][/logout/logout.html][][Calling SM_WAF_HTTP_PLUGIN->EstablishSession.]
[03/30/2026][17:36:56][2715878][140093822060288][CSmHttpPlugin.cpp:7806][CSmHttpPlugin::ProcessSessionCookie][000000000000000000000000660aa8c0-2970e6-69ca6760-227fc700-6b9f6ccac57c][192.168.10.53][][apache][/logout/logout.html][abcd][Decoded SMSESSION cookie - User = 'cn=abcd,o=ustore,c=in', IP address = '192.168.10.53'.]
[03/30/2026][17:36:56][2715878][140093822060288][CSmHttpPlugin.cpp:2905][CSmHttpPlugin::EstablishSession][000000000000000000000000660aa8c0-2970e6-69ca6760-227fc700-6b9f6ccac57c][192.168.10.53][][apache][/logout/logout.html][abcd][Processed SMSESSION cookie.]
[03/30/2026][17:36:56][2715878][140093822060288][CSmSessionManager.cpp:119][CSmSessionManager::EstablishSession][000000000000000000000000660aa8c0-2970e6-69ca6760-227fc700-6b9f6ccac57c][192.168.10.53][][apache][/logout/logout.html][abcd][SM_WAF_HTTP_PLUGIN->EstablishSession returned SmSuccess.]
[03/30/2026][17:36:56][2715878][140093822060288][CSmLowLevelAgent.cpp:4125][LogoutSession][000000000000000000000000660aa8c0-2970e6-69ca6760-227fc700-6b9f6ccac57c][192.168.10.53][][apache][/logout/logout.html][abcd][Calling LogoutSession for session 'TndmUZryFjuN4q6oqrSAQZnpHX8='.]
[03/30/2026][17:36:56][2715878][140093822060288][CSmLowLevelAgent.cpp:5216][LogoutSession][][][][][][][Session logged out.]
[03/30/2026][17:36:56][2715878][140093822060288][CSmSessionManager.cpp:294][CSmSessionManager::TerminateSession][000000000000000000000000660aa8c0-2970e6-69ca6760-227fc700-6b9f6ccac57c][192.168.10.53][][apache][/logout/logout.html][abcd][Calling SM_WAF_HTTP_PLUGIN->TerminateSession.]
[03/30/2026][17:36:56][2715878][140093822060288][CSmHttpPlugin.cpp:3187][CSmHttpPlugin::TerminateSession][000000000000000000000000660aa8c0-2970e6-69ca6760-227fc700-6b9f6ccac57c][192.168.10.53][][apache][/logout/logout.html][abcd][Removing SMSESSION cookie.]
[03/30/2026][17:36:56][2715878][140093822060288][CSmSessionManager.cpp:332][CSmSessionManager::TerminateSession][000000000000000000000000660aa8c0-2970e6-69ca6760-227fc700-6b9f6ccac57c][192.168.10.53][][apache][/logout/logout.html][abcd][SM_WAF_HTTP_PLUGIN->TerminateSession returned SmSuccess.]
[03/30/2026][17:36:56][2715878][140093822060288][CSmHighLevelAgent.cpp:406][ProcessRequest][000000000000000000000000660aa8c0-2970e6-69ca6760-227fc700-6b9f6ccac57c][192.168.10.53][][apache][/logout/logout.html][abcd][ProtectionManager returned SmNo, end new request.]
[03/30/2026][17:36:56][2715878][140093822060288][CSmLowLevelAgent.cpp:4325][ReportHealthData][][][][][][][Accumulating HealthMonitorCtxt.]
[03/30/2026][17:37:21][2698594][140094073710336][CSmHighLevelAgent.cpp:325][ProcessRequest][000000000000000000000000660aa8c0-292d62-69ca6779-317fa700-91eb28c24e6c][][][][][][Start new request.]
[03/30/2026][17:37:53][2715878][140094333245184][CSmResourceManager.cpp:75][CSmResourceManager::ProcessResource][000000000000000000000000660aa8c0-2970e6-69ca6799-40f7d700-71477348824f][][][][][][Calling SM_WAF_HTTP_PLUGIN->ProcessResource.]
[03/30/2026][17:37:53][2715878][140094333245184][SmApache24WebFilterCtxt.cpp:1779][CSmApache24WebFilterCtxt::SetP3PCompactPolicy][][][][][][][sP3PCompactPolicy: '']
[03/30/2026][17:37:53][2715878][140094333245184][CSmHttpPlugin.cpp:597][CSmHttpPlugin::ProcessResource][000000000000000000000000660aa8c0-2970e6-69ca6799-40f7d700-71477348824f][][][][][][Resolved HTTP_HOST: 'kyn-siteminder-02.kyndleit.com'.]
[03/30/2026][17:37:53][2715878][140094333245184][CSmHttpPlugin.cpp:6338][Entered CSmHttpPlugin::ResolveFQServerName sHost: ][][][][][][][kyn-siteminder-02.kyndleit.com]
[03/30/2026][17:37:53][2715878][140094333245184][CSmHttpPlugin.cpp:687][CSmHttpPlugin::ProcessResource][000000000000000000000000660aa8c0-2970e6-69ca6799-40f7d700-71477348824f][][][][][][Resolved hostname: 'kyn-siteminder-02.kyndleit.com'.]
[03/30/2026][17:37:53][2715878][140094333245184][CSmHttpPlugin.cpp:706][CSmHttpPlugin::ProcessResource][000000000000000000000000660aa8c0-2970e6-69ca6799-40f7d700-71477348824f][][][][][][Resolved agentname: 'apache'.]
[03/30/2026][17:37:53][2715878][140094333245184][CSmHttpPlugin.cpp:6716][CSmHttpPlugin::ResolveClientIp][000000000000000000000000660aa8c0-2970e6-69ca6799-40f7d700-71477348824f][][][apache][][][Resolved Client IP address '192.168.10.53'.]
[03/30/2026][17:37:53][2715878][140094333245184][CSmHttpPlugin.cpp:888][CSmHttpPlugin::ProcessResource][000000000000000000000000660aa8c0-2970e6-69ca6799-40f7d700-71477348824f][192.168.10.53][][apache][][][Resolved URL: '/test2/test.html'.]
[03/30/2026][17:37:53][2715878][140094333245184][CSmHttpPlugin.cpp:1032][CSmHttpPlugin::ProcessResource][000000000000000000000000660aa8c0-2970e6-69ca6799-40f7d700-71477348824f][192.168.10.53][][apache][/test2/test.html][][Resolved METHOD: 'GET'.]
[03/30/2026][17:37:53][2715878][140094333245184][CSmHttpPlugin.cpp:1095][CSmHttpPlugin::ProcessResource][000000000000000000000000660aa8c0-2970e6-69ca6799-40f7d700-71477348824f][192.168.10.53][][apache][/test2/test.html][][Resolved cookie domain: '.kyndleit.com'.]
[03/30/2026][17:37:53][2715878][140094333245184][CSmResourceManager.cpp:112][CSmResourceManager::ProcessResource][000000000000000000000000660aa8c0-2970e6-69ca6799-40f7d700-71477348824f][192.168.10.53][][apache][/test2/test.html][][SM_WAF_HTTP_PLUGIN->ProcessResource returned SmSuccess.]
[03/30/2026][17:37:53][2715878][140094333245184][CSmSessionManager.cpp:82][CSmSessionManager::EstablishSession][000000000000000000000000660aa8c0-2970e6-69ca6799-40f7d700-71477348824f][192.168.10.53][][apache][/test2/test.html][][Calling SM_WAF_HTTP_PLUGIN->EstablishSession.]
[03/30/2026][17:37:53][2715878][140094333245184][CSmHttpPlugin.cpp:7806][CSmHttpPlugin::ProcessSessionCookie][000000000000000000000000660aa8c0-2970e6-69ca6799-40f7d700-71477348824f][192.168.10.53][][apache][/test2/test.html][abcd][Decoded SMSESSION cookie - User = 'cn=abcd,o=ustore,c=in', IP address = '192.168.10.53'.]
[03/30/2026][17:37:53][2715878][140094333245184][CSmHttpPlugin.cpp:2905][CSmHttpPlugin::EstablishSession][000000000000000000000000660aa8c0-2970e6-69ca6799-40f7d700-71477348824f][192.168.10.53][][apache][/test2/test.html][abcd][Processed SMSESSION cookie.]
[03/30/2026][17:37:53][2715878][140094333245184][CSmSessionManager.cpp:119][CSmSessionManager::EstablishSession][000000000000000000000000660aa8c0-2970e6-69ca6799-40f7d700-71477348824f][192.168.10.53][][apache][/test2/test.html][abcd][SM_WAF_HTTP_PLUGIN->EstablishSession returned SmSuccess.]
[03/30/2026][17:37:53][2715878][140094333245184][CSmLowLevelAgent.cpp:552][IsResourceProtected][000000000000000000000000660aa8c0-2970e6-69ca6799-40f7d700-71477348824f][192.168.10.53][][apache][/test2/test.html][abcd][Resource is protected from Policy Server.]
[03/30/2026][17:37:53][2715878][140094333245184][CSmResponseManager.cpp:193][ProcessResponses][000000000000000000000000660aa8c0-2970e6-69ca6799-40f7d700-71477348824f][192.168.10.53][][apache][/test2/test.html][abcd][Calling SM_WAF_HTTP_PLUGIN->ProcessResponses.]
[03/30/2026][17:37:53][2715878][140094333245184][CSmHttpPlugin.cpp:3551][CSmHttpPlugin::ProcessResponses][000000000000000000000000660aa8c0-2970e6-69ca6799-40f7d700-71477348824f][192.168.10.53][][apache][/test2/test.html][abcd][Processing IsProtected responses.]
[03/30/2026][17:37:53][2715878][140094333245184][CSmResponseManager.cpp:231][ProcessResponses][000000000000000000000000660aa8c0-2970e6-69ca6799-40f7d700-71477348824f][192.168.10.53][][apache][/test2/test.html][abcd][SM_WAF_HTTP_PLUGIN->ProcessResponses returned SmSuccess.]
[03/30/2026][17:37:53][2715878][140094333245184][CSmCredentialManager.cpp:103][CSmCredentialManager::GatherCredentials][000000000000000000000000660aa8c0-2970e6-69ca6799-40f7d700-71477348824f][192.168.10.53][][apache][/test2/test.html][abcd][Found session, no credentials required.]
[03/30/2026][17:37:53][2715878][140094333245184][CSmLowLevelAgent.cpp:1080][AuthenticateUser][000000000000000000000000660aa8c0-2970e6-69ca6799-40f7d700-71477348824f][192.168.10.53][][apache][/test2/test.html][abcd][Validating session 'TndmUZryFjuN4q6oqrSAQZnpHX8=' for user 'cn=abcd,o=ustore,c=in' in zone 'SM'.]
[03/30/2026][17:37:53][2715878][140094333245184][CSmLowLevelAgent.cpp:1479][AuthenticateUser][000000000000000000000000660aa8c0-2970e6-69ca6799-40f7d700-71477348824f][192.168.10.53][][apache][/test2/test.html][abcd][User 'cn=abcd,o=ustore,c=in' is authenticated from cache.]
[03/30/2026][17:37:53][2715878][140094333245184][CSmResponseManager.cpp:193][ProcessResponses][000000000000000000000000660aa8c0-2970e6-69ca6799-40f7d700-71477348824f][192.168.10.53][][apache][/test2/test.html][abcd][Calling SM_WAF_HTTP_PLUGIN->ProcessResponses.]
[03/30/2026][17:37:53][2715878][140094333245184][CSmHttpPlugin.cpp:3762][CSmHttpPlugin::ProcessResponses][000000000000000000000000660aa8c0-2970e6-69ca6799-40f7d700-71477348824f][192.168.10.53][][apache][/test2/test.html][abcd][Processing Authentication responses.]
[03/30/2026][17:37:53][2715878][140094333245184][CSmResponseManager.cpp:231][ProcessResponses][000000000000000000000000660aa8c0-2970e6-69ca6799-40f7d700-71477348824f][192.168.10.53][][apache][/test2/test.html][abcd][SM_WAF_HTTP_PLUGIN->ProcessResponses returned SmSuccess.]
[03/30/2026][17:37:53][2715878][140094333245184][CSmSessionManager.cpp:209][CSmSessionManager::CreateSession][000000000000000000000000660aa8c0-2970e6-69ca6799-40f7d700-71477348824f][192.168.10.53][][apache][/test2/test.html][abcd][Calling SM_WAF_HTTP_PLUGIN->CreateSession.]
[03/30/2026][17:37:53][2715878][140094333245184][CSmHttpPlugin.cpp:2139][CSmHttpPlugin::CreateSession][000000000000000000000000660aa8c0-2970e6-69ca6799-40f7d700-71477348824f][192.168.10.53][][apache][/test2/test.html][abcd][Generated SMSESSION cookie.]
[03/30/2026][17:37:53][2715878][140094333245184][CSmSessionManager.cpp:247][CSmSessionManager::CreateSession][000000000000000000000000660aa8c0-2970e6-69ca6799-40f7d700-71477348824f][192.168.10.53][][apache][/test2/test.html][abcd][SM_WAF_HTTP_PLUGIN->CreateSession returned SmSuccess.]
[03/30/2026][17:37:53][2715878][140094333245184][CSmLowLevelAgent.cpp:3461][AuthorizeUser][000000000000000000000000660aa8c0-2970e6-69ca6799-40f7d700-71477348824f][192.168.10.53][][apache][/test2/test.html][abcd][User 'cn=abcd,o=ustore,c=in' is authorized from cache.]
[03/30/2026][17:37:53][2715878][140094333245184][CSmResponseManager.cpp:193][ProcessResponses][000000000000000000000000660aa8c0-2970e6-69ca6799-40f7d700-71477348824f][192.168.10.53][][apache][/test2/test.html][abcd][Calling SM_WAF_HTTP_PLUGIN->ProcessResponses.]
[03/30/2026][17:37:53][2715878][140094333245184][CSmHttpPlugin.cpp:4177][CSmHttpPlugin::ProcessResponses][000000000000000000000000660aa8c0-2970e6-69ca6799-40f7d700-71477348824f][192.168.10.53][][apache][/test2/test.html][abcd][Processing Authorization responses.]
[03/30/2026][17:37:53][2715878][140094333245184][CSmHttpPlugin.cpp:4184][CSmHttpPlugin::ProcessResponses][000000000000000000000000660aa8c0-2970e6-69ca6799-40f7d700-71477348824f][192.168.10.53][][apache][/test2/test.html][abcd][Removing HTTP cache request headers.]
[03/30/2026][17:37:53][2715878][140094333245184][CSmResponseManager.cpp:231][ProcessResponses][000000000000000000000000660aa8c0-2970e6-69ca6799-40f7d700-71477348824f][192.168.10.53][][apache][/test2/test.html][abcd][SM_WAF_HTTP_PLUGIN->ProcessResponses returned SmSuccess.]
[03/30/2026][17:37:53][2715878][140094333245184][CSmHighLevelAgent.cpp:825][ProcessRequest][000000000000000000000000660aa8c0-2970e6-69ca6799-40f7d700-71477348824f][192.168.10.53][][apache][/test2/test.html][abcd][AuthorizationManager returned SmYes, end new request.]
[03/30/2026][17:37:53][2715878][140094333245184][CSmHighLevelAgent.cpp:948][ProcessRequest][000000000000000000000000660aa8c0-2970e6-69ca6799-40f7d700-71477348824f][192.168.10.53][][apache][/test2/test.html][abcd][End new request.]

Best Regards,

Ramarao P
-------------------------------------------

Original Message
6. RE: Session Still Valid After Logout Due to SAG Cache – How to Invalidate?

Recommend
Broadcom Employee

Hongxu Liu
Posted Mar 31, 2026 08:58 AM

Reply Reply Privately
Please check out this tech article.

https://knowledge.broadcom.com/external/article/266333/users-web-agent-session-remains-active-a.html

users web agent session remains active
-------------------------------------------

Original Message
7. RE: Session Still Valid After Logout Due to SAG Cache – How to Invalidate?

Recommend
P RAMARAO
Posted Mar 31, 2026 09:42 AM

Reply Reply Privately
Dear Hongxu Liu,

Thank you for your response.

We have already enabled EnableFlushUserCmdOnLogout, however it is taking more than 1 minute to clear the session cache from the SAG server.

Additionally:

We have enabled IP checking, but we require immediate logout behavior even from the same machine.

We tried reducing the session validation period = 1 second, but this significantly impacts user experience, as every request is validated by the Policy Server.

We also tested setting MaxSessionCacheSize = 0, but this results in authentication being required for every request, which again negatively impacts user experience.

Could you please suggest if there are any alternative approaches to achieve immediate session invalidation on logout without impacting performance?

Best Regards,

Ramarao P
-------------------------------------------

Original Message
8. RE: Session Still Valid After Logout Due to SAG Cache – How to Invalidate?

Recommend
Broadcom Employee

Hongxu Liu
Posted Mar 31, 2026 10:42 AM

Reply Reply Privately
Hi Ramarao,

The tech note covers the existing features the product can offer, beyond that, all other requirement is considered feature enhancement.

Any performance impact to some degree can be alleviated by system tuning or better hardware, etc.

The assumption of the original problem is that an existing session is hijacked or reused, then perhaps additional security measure can be taken to prevent session from being stolen.

In addition, integrate other MFA (e.g. IDPS "vip Authhub") solution on top of SiteMinder as further layer of protection for the login.

Thank You,

Hongxu

-------------------------------------------

Original Message

Symantec Access Management

Session Still Valid After Logout Due to SAG Cache – How to Invalidate?

P RAMARAOMar 24, 2026 03:05 AM

Camil HuricMar 26, 2026 10:53 AM

P RAMARAOMar 27, 2026 02:39 AM

Camil HuricMar 27, 2026 01:44 PM

P RAMARAOMar 30, 2026 08:40 AM

Hongxu LiuMar 31, 2026 08:58 AM

P RAMARAOMar 31, 2026 09:42 AM

Hongxu LiuMar 31, 2026 10:42 AM

1. Session Still Valid After Logout Due to SAG Cache – How to Invalidate?

2. RE: Session Still Valid After Logout Due to SAG Cache – How to Invalidate?

3. RE: Session Still Valid After Logout Due to SAG Cache – How to Invalidate?

4. RE: Session Still Valid After Logout Due to SAG Cache – How to Invalidate?

5. RE: Session Still Valid After Logout Due to SAG Cache – How to Invalidate?

6. RE: Session Still Valid After Logout Due to SAG Cache – How to Invalidate?

7. RE: Session Still Valid After Logout Due to SAG Cache – How to Invalidate?

8. RE: Session Still Valid After Logout Due to SAG Cache – How to Invalidate?