SA as reverse proxy and persistent sessions

bwsaloum_
Occasional Contributor

I'm probably asking the same question that dozens, if not hundreds of others have asked...

 

When using the SA as a reverse proxy, how can I enforce session termination after the user has closed their browser?  I've tried the disable persistent session option, no joy with any browsers that support multiple tabs.

 

Even if a user has multiple browser windows open, with only one associated with the SA, if they close the SA application window, they can open a new window and bypass the first factor authentication. 

Any suggestions would be greatly appreciated.

 

bws

1 REPLY
zanyterp_
Respected Contributor

Re: SA as reverse proxy and persistent sessions

When using a browser that shares the cookies between multiple tabs/windows, the cookie is accepted as valid (since it is). In order to not allow this, you will need to use an aggressive idle session timeout; there is no way to clear the cookie/session until the user logs out OR the session times out.

This is a limitation of the cookie sharing.
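The behaviour described in the reply above, as an added example that is not part of the original thread and is not the SA's own code: a generic model of a server-side session table, showing that a shared cookie presented from a new tab is accepted until logout, idle timeout or a maximum session length ends it. The class, the function names and the timeline values are hypothetical and constructed for illustration.

```python
import secrets

class SessionStore:
    """Hypothetical server-side session table keyed by the cookie value."""
    def __init__(self, idle_timeout, max_lifetime):
        self.idle_timeout = idle_timeout   # seconds allowed between requests
        self.max_lifetime = max_lifetime   # hard cap regardless of activity
        self._sessions = {}                # token -> [created_at, last_seen]

    def login(self, now):
        token = secrets.token_urlsafe(32)
        self._sessions[token] = [now, now]
        return token

    def validate(self, token, now):
        """Accept the cookie and refresh last_seen, or expire it server-side."""
        entry = self._sessions.get(token)
        if entry is None:
            return False
        created, last_seen = entry
        if now - last_seen > self.idle_timeout or now - created > self.max_lifetime:
            del self._sessions[token]      # the cookie value is now useless
            return False
        entry[1] = now
        return True

    def logout(self, token):
        self._sessions.pop(token, None)

def replay_constructed_timeline():
    """Constructed timeline; times are seconds since the first login."""
    store = SessionStore(idle_timeout=300, max_lifetime=3600)
    results = {}
    cookie = store.login(now=0)
    results["app_window"] = store.validate(cookie, now=60)
    # The application window is closed at t=60. The server never sees that
    # event, and the browser still holds the cookie for its other windows.
    results["new_tab_within_idle"] = store.validate(cookie, now=120)
    results["new_tab_after_idle"] = store.validate(cookie, now=120 + 301)
    # Explicit logout removes the session immediately.
    cookie2 = store.login(now=500)
    store.logout(cookie2)
    results["after_logout"] = store.validate(cookie2, now=501)
    # A session kept active every 250 s still ends at the lifetime cap.
    cookie3 = store.login(now=0)
    active = [store.validate(cookie3, now=t) for t in range(250, 3501, 250)]
    results["active_until_cap"] = all(active)
    results["past_max_lifetime"] = store.validate(cookie3, now=3750)
    return results
```

The idle timeout is the only control in this model that ends an abandoned session without user action, which is why the reply recommends setting it aggressively.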