I already configure the logout uri in ACO and not protect it. but during I logged out. then I type some of my webapp url directly in browser, it still could access directly without a popup window which make me input the user and password.
and sometimes, first time I type and enter my url, it need user and password. then I close the popup window. and reenter the ulr, finally I can still get access without authentication and the SM_USER is still the previous user.
Do you guys meet this kind of issue?