This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

WAF guidance required - Logout URLs delegation

Hi,

A number of clients are requiring that the logout function of OWA, SharePoint, and other services actually work. currently we are seeing pretty much all services suffering from the issue that if you hit logout and then either hit the back button, or re-open the browser shortly afterwards, the session is still fully authenticated.

this is a full on show stopper for, well, it should be a show stopper for anyone and everyone.

so we have the logout URLS delegation feature on the forms, fab

what the heck do i put in there?

i have tried the full URL that loads when you click Logout, no change.

tried just the /SignOut.aspx or SignOut.aspx, no change

tried using some variables like ../../SignOut.aspx, no change.

is there any documentation around this?

it should just need a one-paragraph of: click logout from the web application, obtain this section of the URL loaded, paste/type that in the box, jobs a good'un

surely?

thanks in advance

Pete

This thread was automatically locked due to age.

Parents

0 PeterHolland over 8 years ago

this is a particularly critical functionality for our customers in the education and healthcare sectors where kiosk/shared computers are used commonly. as it stands anyone can re-open a previously authenticated session, especially if Chrome is used, which doesn't bin session cookies on closing.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 PeterHolland over 8 years ago

this is a particularly critical functionality for our customers in the education and healthcare sectors where kiosk/shared computers are used commonly. as it stands anyone can re-open a previously authenticated session, especially if Chrome is used, which doesn't bin session cookies on closing.
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data