If we log in to a UAG portal in one tab in IE and then log into another application on another tab, we are finding that logging out of the portal will delete any session cookies for the application on the other tab even though the application isn't published via UAG. I've tested this scenario with the 2 completely separate UAG portals we currently host and both exhibit the same behaviour with various applications such as blackboard and results in the user having to re-authenticate. This also occurs when the session times out on UAG and a user is automatically logged out which is causing a steady flow of calls to our IT support desk. Like I mentioned, this is happening even though the applications are not published via the portal and it only seems to occur in IE. Is anyone else experiencing this and has a possible fix, I think I've tried the obvious such as not deleting cookies at log off, we do not install the UAG components on to client machines.
The default logoff page of UAG (InternalSite/LogoffMsg.asp) contains the following code in the windows_onload() function:
This function is mentioned in the following blog:
with the following note:
"It’s worth mentioning that the ClearAuthenticationCache command clears ALL session cookies, Authentication, and Client Certificates for ALL sites running in the current session, so it’s definitely a command to execute judiciously lest you drive your site’s visitors crazy."
So I guess this may explain what you are seeing.
If this is really issue for you, you can create a custom LogOffMsg.asp that does not use this function, but then you are taking a risk as some cookies may "leftover" from the UAG sessions and will not get cleaned (especially if you are not using the cache cleaning component).
Also, if you are using client certificate authentication, you may not clear the SSL state on logoff if you remove this function.
If you still decide to customize your LogOffMsg.asp, please take a look on the following thread for some useful information:
Hope this helps.
- 已建议为答案 ophirpModerator 2012年5月10日 17:19
Thanks Ophir that's really helpful! I thought there must be something written in the log off function which was causing this. I will test this and see what the implications are for our portal, it might just be a case of having to educate users. The main complaints we are seeing is not so much when users log off the portal but when their session has timed out on the portal and they are working on another site on a different tab. As the blog mentioned this does drive some of our users crazy!