When an IdP server receives a request for SLO, the logout service removes the user’s session from the application server and it redirects the user’s browser to the logout service defined in the IdP configuration. Most web-based applications store data about active users within memory and index this collection of data with a randomly generated number called a session ID. A session ID is normally stored in a browser cookie so that each time the user returns, the cookie is presented to the application and the application locates the relevant session data.
If a user is using Aria in two separate web browser instances simultaneously, then each browser session has a cookie session attached to it. If a user logs out of the Aria application locally in one of the browsers, then the cookie session for the browser that initiates the logout is terminated for that session. However, the session in the other browser is still active which means that the user is still logged in to Aria.
Logging Out of Aria with SSO Implemented
To be completely logged out of Aria with SLO implemented, the user must:
- Logout from Aria in all open browser sessions.
- Be logged out automatically by Aria due to a session timeout.
- Manually logout from the IdP portal.
- Be logged out automatically by the IdP if the IdP enforces a session timeout.