
VasuT.19687 (Customer) asked a question.
On a single machine, in the same browser, user1@fake.com logs on to OKTA and clicks on the myAPP web application; the process successfully takes user1@fake.com into myAPP.
Now user1@fake.com logs out of myAPP, and user2@fake.com tries to log in on the same tab or a new tab in the same browser. When myAPP asks for the user session from OKTA, we get the user1@fake.com session instead of the user being redirected to the OKTA login page.
What are the possible solutions?
One solution I'm thinking of is to make a call to OKTA to get the user profile and match certain parameters, preferably the user name, between myAPP and OKTA; if they do not match, then automatically log out of the previous OKTA session and redirect the user to the OKTA login page.
To do this, is there any API which can give user profile info based on user name and force logout of the existing session of the other user?

Hi Vasu,
You can use the Okta Sessions API to get the currently logged-in user, and you can also invalidate the current session.
Refer to https://developer.okta.com/docs/reference/api/sessions/
Get Current Session = GET {{url}}/api/v1/sessions/me
Clear Session = DELETE {{url}}/api/v1/sessions/{{sessionId}}
Clear User Sessions = DELETE {{url}}/api/v1/users/{{userId}}/sessions
Thanks Vipul.
myAPP doesn't know the OKTA session id in my case; to do that I need to change the implementation to hold the OKTA session id.
What's your general experience with scenarios like this, where users share a system and use the same browser, or one user has multiple logins and switches between accounts?
This is a very unique scenario, where multiple users share the same browser to log in to the same app. Is this a SAML-based app? Have you tried to use SLO (Single-Log-Out)?
I have experience using the Okta Sign-In widget, where I can call the logout method. It has a very rich library you can play with.
I suggest you use the Okta Sign-In widget for your app's login page. Refer to https://developer.okta.com/code/javascript/okta_sign-in_widget/
logout() {
  this.widget.signOut(() => {
    this.setState({ user: null })
    this.showLogin()
  })
}
this SAML based app?
Using OpenIdConnect.
I was using the widget, but upon client demands changed to redirection to the OKTA login page.
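
Added example (not part of the thread and not Okta's own code): the username check proposed in the question, built on the `sessions/me` endpoint from the reply. It also uses `DELETE /api/v1/sessions/me`, which closes the current session without the app having to store its id. The function names, `oktaBaseUrl`, `expectedLogin` and the fake org used for the offline run are assumptions.

```javascript
// Added example, not from the thread. Assumes myAPP's origin is a Trusted Origin
// (CORS) in the Okta org; function and parameter names are hypothetical.
const normalize = (s) => String(s || '').trim().toLowerCase();

async function reconcileOktaSession({ oktaBaseUrl, expectedLogin, fetchImpl }) {
  const url = `${oktaBaseUrl}/api/v1/sessions/me`;
  // The Okta session cookie is sent cross-origin only with credentials: 'include'.
  const res = await fetchImpl(url, { method: 'GET', credentials: 'include' });

  // 404: this browser holds no Okta session, so the login page is the next stop.
  if (res.status === 404) return { action: 'login', reason: 'no-session' };
  if (!res.ok) throw new Error(`GET sessions/me failed: ${res.status}`);

  const session = await res.json();
  if (normalize(session.login) === normalize(expectedLogin)) {
    return { action: 'continue', reason: 'match' };
  }

  // Someone else's session is still alive: close it before redirecting to login.
  // "me" addresses the current session, so the app never has to store its id.
  const del = await fetchImpl(url, { method: 'DELETE', credentials: 'include' });
  if (!del.ok && del.status !== 404) {
    throw new Error(`DELETE sessions/me failed: ${del.status}`);
  }
  return { action: 'login', reason: 'mismatch-cleared', previousLogin: session.login };
}

// Constructed stand-in for the Okta org so the flow runs offline.
function makeFakeOkta(activeLogin) {
  const state = { login: activeLogin, calls: [] };
  state.fetch = async (url, opts) => {
    state.calls.push(`${opts.method} ${url}`);
    if (state.login === null) return { status: 404, ok: false, json: async () => ({}) };
    if (opts.method === 'DELETE') {
      state.login = null;
      return { status: 204, ok: true, json: async () => ({}) };
    }
    return { status: 200, ok: true, json: async () => ({ login: state.login }) };
  };
  return state;
}
```

In a browser, pass `fetchImpl: window.fetch.bind(window)` and send the user to the OKTA login page whenever `action` is `'login'`. Browsers that block third-party cookies will not send the Okta session cookie on this cross-origin call, so the check then reports `no-session`.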