Logout and User Expectations
Overview
When a user clicks a logout button or link in Aria, the user’s web application session and service provider session are ended, but the user is not logged out of the IdP. Therefore, if the user were to return to the Aria application, they would be automatically re-authenticated because their IdP session cookie is still valid.
Since an IdP does not know which service providers the user has sessions with, it cannot tell those service providers to destroy the user’s sessions. This creates a false sense of security for users, since it gives the impression that they are logged out of all SSO applications.
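The session behaviour described above can be traced with a small model. This is an added example, not Aria or IdP code: the classes, the second service provider named "other", and the user "alice" are hypothetical, and the web application and service provider sessions are modelled as a single SP session.

```python
import secrets

class IdP:
    """Keeps IdP sessions only; it has no record of which SPs a user has visited."""
    def __init__(self):
        self.sessions = {}                      # IdP cookie value -> username
    def login(self, browser, username):         # interactive (prompted) login
        browser["idp"] = cookie = secrets.token_hex(8)
        self.sessions[cookie] = username
    def authenticate(self, browser):            # None unless the IdP cookie is valid
        return self.sessions.get(browser.get("idp"))
    def logout(self, browser):                  # ends the IdP session, nothing else
        self.sessions.pop(browser.pop("idp", None), None)

class ServiceProvider:
    def __init__(self, name, idp):
        self.name, self.idp, self.sessions = name, idp, {}
    def visit(self, browser, username=None):
        """Report how the request was served."""
        if browser.get(self.name) in self.sessions:
            return "existing-session"
        user, how = self.idp.authenticate(browser), "silent-sso"
        if user is None:
            if username is None:
                return "login-required"
            self.idp.login(browser, username)
            user, how = username, "prompted-login"
        browser[self.name] = cookie = secrets.token_hex(8)
        self.sessions[cookie] = user
        return how
    def logout(self, browser):                  # what the application's logout link does
        self.sessions.pop(browser.pop(self.name, None), None)

def demo():
    browser, idp = {}, IdP()                    # browser = cookie jar (constructed)
    aria, other = ServiceProvider("aria", idp), ServiceProvider("other", idp)
    out = [aria.visit(browser, "alice"),        # first visit: credentials prompted
           other.visit(browser)]                # second SP: signed in via IdP cookie
    aria.logout(browser)
    out.append(aria.visit(browser))             # IdP cookie still valid: silent re-auth
    idp.logout(browser)
    out.append(other.visit(browser))            # IdP logout did not reach the SP
    aria.logout(browser); other.logout(browser)
    out.append(aria.visit(browser))             # only now is a fresh login needed
    return out

if __name__ == "__main__":
    print(demo())
```

A fresh login is required only once the IdP session and every service provider session have each been ended.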