Hi Philip,
It looks like you are implementing your own customized log off logic.
Why not go with the OOTB logout configuration ?
Comprehensive Log Out - CA Single Sign-On - 12.52 SP1 - CA Technologies Documentation
Configure Full Logoff
The full log-out feature uses a custom log-out page that you create with the following parameter:
LogOffUri
Enables the full log-out function by specifying the URI of a custom web page. This custom web page appears to users after they are successfully logged off. Configure this page so that it cannot be stored in a browser cache. Otherwise, a browser could possibly display a log-out page from its cache without logging the user off. If this situation happens, unauthorized users could possibly have an opportunity to assume control of a session.
Note: When the CookiePath parameter is set, the value of the LogOffUri parameter must point to the same cookie path. For example, if the value of your CookiePath parameter is set to example.com, then your LogOffUri must point to example.com/logoff.html
Default: (all agents except the CA Single Sign-on Agent for SharePoint r12.0.3.0) No default
Limits: Multiple URI values permitted.Do not use a fully qualified URL.Use a relative URI.
Example:(all agents except the CA Single Sign-on Agent for SharePoint r12.0.3.0) /Web pages/logoff.html
Follow these steps:
- Create a custom HTTP application that logs the user off. For example, add an Exit or Sign Off button that redirects the user to a URL you specify.
Set up the log-out page so it cannot be cached in web browsers. This setting increases security because the page is always served from the web server, and not the cache of the browser. For example, for HTML pages, you can add the following meta tags to the page:
< META HTTP-EQUIV="Pragma" CONTENT="no-cache">
< META HTTP-EQUIV="Expires" CONTENT="-1">
Important! Some web browsers do not support meta tags. Use a cache-control HTTP header instead.
- Configure the LogOffUri parameter with the following steps:
- Delete the pound sign (#), if necessary.
- Enter the URI of the custom HTTP file that will log the user off. Do not usea fully qualified URL.
Example: /logoff.htm
The full log-out feature is configured.
If that still doesn't work , we will need to look at :
- HTTP Header trace (fiddler log Fiddler - Free Web Debugging Proxy - Telerik )
- web agent trace log
Regards,
Ujwol