Occasional Logout Failure due to missing session

Jakub Danek jakub.danek at yoso.fi
Thu Nov 26 13:37:52 UTC 2020


Hi Scott,

Thanks for your reply and information. We will have to come up with a way
to present the situation to the users in some acceptable way.

Br,
Jakub

On Wed, 25 Nov 2020 at 16:59, Cantor, Scott <cantor.2 at osu.edu> wrote:

> There are any number of reasons sessions can be gone, all the IdP knows is
> it's gone. Client side sessions and a changing IP address are all it really
> takes to reproduce pretty easily. You also have the problem that most IdPs
> don't do single logout, so a logout by one SP will simply orphan the
> sessions at all the rest and their attempt to logout later will always
> cause this error.
>
> > Anyone any ideas what might be causing this / where to look at the SP side?
>
> There's nothing you could look at, it's not on the SP side.
>
> > And what we can do to improve user experience?
>
> If you figure that out, you'll be the first I know of.
>
> > I would love to provide a custom error page for this case, but since the
> > response does not contain any details to identify this particular issue,
> > hiding all errors from "logout" processes via SP error handling seems
> > like a bad idea.
>
> All you know is it failed and the problem is that no user is going to
> understand that concept. That doesn't change what happened. The best the SP
> can do is allow redirection to handle the error, I certainly wouldn't use
> the built-in templates, but there's not much else it can do.
>
> This is the only case the SP ever gets control back from a logout, so in
> effect if you have to do anything at all, you basically are talking about
> an error. A successful logout has to end up at the IdP.
>
> I can't exactly recall what the Shibboleth IdP does when the asynchronous
> option is used and an error happens, but I suspect that will probably
> result in an equally bad error page at the IdP end instead.
>
> -- Scott