When using different workstations or if the browser is closed, there is no issue.In this solution, we will be using custom Java Script pages to invalidate the browser’s HTTP session cookie from the web server.Access to a web servers is typically permitted only through NAM once the user has authenticated to NAM.
The solution consists of the following components: The clear will be placed on the web server.
If “User-A” authenticates to NAM, accesses the application, and then logs out of NAM, the browser will be left with a valid HTTP session cookie for User-A in the browser.
If “User-B” immediately authenticates to NAM using the same browser, and then accesses the web application, User-B will resume User-A’s HTTP session.
Generally this is desired behavior, as it preserves the state of the users previous session with the web server.
The potential problem comes when two users are involved with this scenario.To prevent this behavior, the HTTP session cookie of User-A’s must be invalidated on either the browser or server.