There is a local secure domain for work within the company. To work from the outside, the administrator created Active Directory with users who are bound to certificates. Upon entering the site, the user selects a certificate, authorizes and gains access to resources.

The following problem arose: if one user has two or more roles, then after working with one role and changing to another (choosing a certificate for another role), the server does not reset the session data to authorize the user under the other role. And when logging in under a different role, the server does not give access to the new resources until the user logs into the browser and clears the cache and cookies. According to the admin, the IIS settings have hardly changed.

Any idea what might get in the way of dropping a session? We did not find where and how to set the session lifetime.

  • Have you tried ASP_session_timeout? - Daemon-5
  • @Daemon-5 we tried, but you have to wait even longer than the value set in the setting; for example, with one minute set, you wait 2-3 minutes. We are thinking about how to make an "Exit" button to forcibly end the session, but we cannot find the information - Ackbar
  • Here is a solution to a similar Session problem. Does the Session.Abandon method "kill" the session? - Daemon-5
