Home > Aria6 User Documentation > Configuration > Single Sign-On (SSO) > Single Logout Considerations > Logout and User Expectations

Logout and User Expectations

Table of contents


When a user clicks a logout button or link in Aria, the user’s web application session and service provider session are ended, but the user is not logged out of the IdP. Therefore, if the user were to return to the Aria application, they would be automatically re-authenticated because their IdP session cookie is still valid.

Since an IdP does not know which service providers to which the user has sessions, it cannot inform those service providers to destroy the user’s sessions. This creates a false sense of security for users since it provides the impression that they are logged out of all SSO applications.

Last modified



This page has no classifications.