This article explains what happens in Airlock IAM when a user logs out using the logout button and what happens if a user quits without signing out (e.g. by closing the browser or the application).
When a user signs out of a session, i.e., by clicking the logout button, Airlock IAM does not only have to terminate the corresponding HTTP session but also needs to clean up other artifacts created during the session. These artifacts may include Remember-Me cookies, OAuth tokens, SAML sessions, representee sessions, etc. To keep track of what to do when end-users explicitly log out, IAM uses its logout actions concept.
The following table lists examples of different logout actions for a number of authentication use cases:
Use case | Logout actions | When user quits without logout |
---|---|---|
|
| |
|
| |
|
| |
|
| |
|
| |
Note: | ||
|
Note: |
Airlock Gateway Logout Propagation can interfere with the user logout process and should not be used in most of the use cases listed. For example, if Airlock Gateway Logout Propagation is used with the Remember-Me keep me logged in configuration, the propagated logout will cause Airlock IAM to delete the Remember-Me cookie. This would render the keep me logged in function useless.