AnsweredAssumed Answered

Clear SMSession when cookie provider is used

Question asked by AroraS on Sep 18, 2018
Latest reply on Oct 12, 2018 by AroraS

We have a Custom Login application (Login) with domain name ( implemented as a single Login gateway for all the enterprise applications. The login app is SM protected and have cookie provider configured. The Login screen post credentials to login.fcc page for authentication. I have an enterprise web app (app1)  with different domain name ( and is siteminder minder protected using SM agent.  


We are not using SM Session store and session is controlled by login app (login) as SiteMinder was implemented in our environment  only 2 yrs back and custom SSO existed much before. App1 has form based authentication. When user  try to login to app1, user is redirected to Login app (gateway) and upon successful authentication is redirected to app1. If user is idle on app1 for 30 minutes, form session timeout happen and if user tries to click any link on the page, we want to log off and remove SMSession.


All the solutions on the net, I have found doesn't describe clearly how to implement logout with example.


Any help is appreciated as we are on a tight timeline!