Hi Jin,
Invalidating user session on browser window unload when user clicks on browser's close (X) button is not recommended for application like Identity Portal which supports opening up multiple browser windows (or tabs) and allow users to work simultaneously on different features/modules of the application.
Assume that you have opened up two different modules (1. Access 2. My Requests) in two different tabs of the browser to work simultaneously. Once you are done working with My Requests module, you may prefer to close that browser window and continue to work with Access module on an another window. Considering your request, if we invalidate the session upon closing the browser window, you will be prompted for authentication to continue your work on another window i.e., Access module window. Which is not a desired user experience.
So, it's cautious design decision to not to invalidate the session upon browser window close. So that user can continue to work until actual session timeout takes place.
------------------------------
Vijay Mamidi,
Identity Governance & Administration,
Broadcom.
------------------------------
Original Message:
Sent: 05-17-2020 11:13 PM
From: Jin Zhong Chin
Subject: Identity Portal session didn't logout after close browser tab
Hi All,
The Identity Portal session didn't logout after i close Identity Portal browser tab directly without logout.
I can bypass the credential login if i use the browser reopen recent close tab function or open Identity Portal bookmark before my session timeout.
Can Identity Portal be configure to logout or drop the user session if user close the browser tab?