SSO force logout previous session

13 コメント

  • Low Chin Seng
    コメントアクション Permalink


    I have added the forcelogout parameter in a payload to generate the JWT token for SSO. However, I found that the previous SSO session is not logout during the second attempt of SSO.

    Any idea?

    var payload = new Dictionary<string, object>() {
                    { "iat", timestamp },
                    { "jti", System.Guid.NewGuid() },
                    { "name", sessionOrgUser.user_name },
                    { "email", sessionOrgUser.OrgUserInfo.email_address},
                    {"locale_id", zendeskLocaleId},
                    {"forcelogout", "true"}

  • Lorraine Harbert
    コメントアクション Permalink

    We have many clients whose users share computers.  This would be a huge help for companies that have this use case. 

  • Brijesh Tekrawala
    コメントアクション Permalink

    I am also facing same issue, is that any way we can explicit logout Zendesk session ? 

    I also tried {"forcelogout", "true"} , but it is not workng as expected.



  • Curry Hoffman
    コメントアクション Permalink

    Has anyone had any luck in finding a solution to this issue? We also use shared computers and this presents a massive security problem.

  • Murali
    コメントアクション Permalink

    Way I took care in my case was, look for existence of zendesk session and if they are not same, remove those zd_session cookies -- otherwise keep them.

    private bool AnotherZendeskSessionExists()
    string email = GetEmail();
    string zdSessionId = CalculateMD5Hash(email);

    // if zd session cookie exists and hash of email value is different than it is another zendesk session
    return (Request.Cookies["zd_session"] != null && Request.Cookies["zd_session"].Value != zdSessionId);

  • Ankit Garg
    コメントアクション Permalink

    Hi All,

    We implemented a small enhancement recently which might be useful in this scenario.

    If User A is logged in from a browser, and without logging User A out if Zendesk gets a SSO request for User B from the same browser, we log User A out of the existing session.



  • Oliver
    コメントアクション Permalink

    @Ankit Garg: this seems not to work. We implemented JWT SSO.


    1. User A login on our website
    2. User A SSO request to zendesk => redirect & logged in as User A
    3. User A leaves Zendesk without logout
    4. User A logout on our website
    5. User B login on our website
    6. User B SSO request to zendesk => redirect & logged in as User A

    How can the "old user" logged out / session destroyed?


  • Camille Schoell
    コメントアクション Permalink



    We have the same problem here. Did Zendesk do some development in order to replace the old token when connecting with another user ?


    Thank you,

  • Shlomi Cohen
    コメントアクション Permalink

    we have the same problem here . zendesk support  - any updates here ?


  • Mattias Ekberg
    コメントアクション Permalink

    We too have this problem. Any solution Zendesk?

  • Ruchika Sarma
    コメントアクション Permalink

    Same issue here.

    Any updates?

    Just found this article but it didn't seem to help


  • Jonas Eriksson
    コメントアクション Permalink

    Just echoing the sentiment - exact same problem as Oliver's stated issue above. How can we solve this nicely?

  • Senthil Kumar Chinnaswamy
    コメントアクション Permalink


    can you please let us know, if ZenDesk is working on to fix this issue and when we can expect a solution. Appreciate an update. 




Powered by Zendesk