We have a situation where we have Portal being front ended by TAM. We have Portal setup so when you logout it closes down TAM and deletes cookies for the PD session from TAM. However a problem occurs if people are just doing an option that takes them back to the login page for the fixed application they have in the browser. When they log back in we have managed to kill the TAM sessions. But what we are finding is that against the /was junction, we have still have the jsessiond cookie. This means we are getting people log into TAM and then when they hit Portal they are seeing the session of the person who did not do a full logout. This is because WAS picks the details against the jsessionid cookie, even though all the things like iv-user in traces look fine.
And we already have the cookie kill code in, but because the path on the cookie for portal is against /was, then the cookie delete code is no good for JS security issues. So how can we remove the jsessionid information to stop the users mixing sessions?
