SMSESSION cookie

387 views

Skip to first unread message

Manikandan. M

unread,

Mar 28, 2016, 12:57:22 AM3/28/16

to Chromium-discuss

We are currently integrated Salesforce with siteminder SSO. When user logout from the Salesforce, smsession and usersessionstate siteminder cookies are getting set in the client browser as a result when user clicks on login again option, the Salesforce home page directly loads instead of requesting user to enter the credentials. This is a major security threat for us. Is there way to over come this issue? Note that, we are having a custom Java script in the logout url to delete all the cookies when user come out of web application. Please help us to delete the cookie. More importantly this cookie is set alive only on chrome. We tested the same scenario with IE where it doesn't happen. Please provide a detail solution as soon as possible. Your help is much appreciated.

PhistucK

unread,

Mar 28, 2016, 1:46:47 AM3/28/16

to maanik...@gmail.com, Chromium-discuss

Without a URL and some code that demonstrates the problem, there is little we can do.

Also, stackoverflow.com is probably a better place for this discussion.

☆PhistucK

On Mon, Mar 28, 2016 at 7:57 AM, Manikandan. M <maanik...@gmail.com> wrote:

We are currently integrated Salesforce with siteminder SSO. When user logout from the Salesforce, smsession and usersessionstate siteminder cookies are getting set in the client browser as a result when user clicks on login again option, the Salesforce home page directly loads instead of requesting user to enter the credentials. This is a major security threat for us. Is there way to over come this issue? Note that, we are having a custom Java script in the logout url to delete all the cookies when user come out of web application. Please help us to delete the cookie. More importantly this cookie is set alive only on chrome. We tested the same scenario with IE where it doesn't happen. Please provide a detail solution as soon as possible. Your help is much appreciated.

--
--
Chromium Discussion mailing list: chromium...@chromium.org
View archives, change email options, or unsubscribe:
http://groups.google.com/a/chromium.org/group/chromium-discuss

---
You received this message because you are subscribed to the Google Groups "Chromium-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to chromium-discu...@chromium.org.

Reply all

Reply to author

Forward

0 new messages