Skip to main content
Aria Knowledge Central

Logout and User Expectations


When a user clicks a logout button or link in Aria, the user’s web application session and service provider session are ended, but the user is not logged out of the IdP. Therefore, if the user were to return to the Aria application, they would be automatically re-authenticated because their IdP session cookie is still valid.

Since an IdP does not know which service providers to which the user has sessions, it cannot inform those service providers to destroy the user’s sessions. This creates a false sense of security for users since it provides the impression that they are logged out of all SSO applications.

  • Was this article helpful?