I discovered a strange situation causing me some trouble in managing the application logout.
Sometime (not always) when the user selects the logout page, he gets in the response 2 set-cookie commands:
- the first is setting the value LOGGEDOFF
- the second is setting a new cookie value;
as a result the browser set the second value and the session remains still valid.
Any idea about this behavior?
Any possible configuration to check?