We have a Custom Login application (Login) with domain name (x.abc.com) implemented as a single Login gateway for all the enterprise applications. The login app is SM protected and have cookie provider configured. The Login screen post credentials to login.fcc page for authentication. I have an enterprise web app (app1) with different domain name (y.xyz.net) and is siteminder minder protected using SM agent.
We are not using SM Session store and session is controlled by login app (login) as SiteMinder was implemented in our environment only 2 yrs back and custom SSO existed much before. App1 has asp.net form based authentication. When user try to login to app1, user is redirected to Login app (gateway) and upon successful authentication is redirected to app1. If user is idle on app1 for 30 minutes, form session timeout happen and if user tries to click any link on the page, we want to log off and remove SMSession.
All the solutions on the net, I have found doesn't describe clearly how to implement logout with example.
Any help is appreciated as we are on a tight timeline!