Conferences & Events
Events for all Levels and InterestsStay
Jump Start Your Career GrowthStay
Get on the Higher Ed IT MapStay
Uncommon Thinking for the Common Good™Stay
Shibboleth and log out
Shibboleth has a problem with logging out: with the current version, there’s no way to do it!
It’s a known problem. While there are some workarounds, the only one that is acceptable to me is to have the user close out all browser windows. This clears a session cookie named _shibsession_random-id-goes-here.
Chrome adds a twist: closing all Chrome windows no longer clears session cookies! A Chrome process remains running, the “background pages/apps” part, so the cookies persist.
I don’t think this is a reasonable expectation of the average user to know this. Therefore, we may need to anticipate the lowest common denominator with Shibboleth, which is that user sessions will persist as long as the user is logged into the PC.
Does this mean we cannot use Shibboleth for web apps that may be used on shared PCs where consecutive users aren’t separated by a log out/log in or reboot?
Aren Cambre, '99, '03