Forcing logout with NativeSP

Cantor, Scott cantor.2 at
Fri Sep 30 18:14:04 BST 2011

On 9/30/11 2:59 AM, "Stephen Chan" <sychan at> wrote:
>       I considered doing that earlier but wasn't sure if bypassing the
>    logout handler was well advised. So just clearing the cookies
>    containing "_shibsession_" would do the trick? I don't necessarily
>    know all the cookies generated by the app and its collection of
>    subpackages.

You may not clean the cookie solely based on the name. I will not
guarantee that the name will be the same, that¹s not a public API. If you
don't know the other cookies enough to know which are which, then no, that
would not work.

As far as what's advisable, if you don't care about freeing the session
from memory before it's kicked out by heuristics, then clearing the cookie
is enough to orphan the session.

-- Scott

More information about the users mailing list