Logout from a domain in a multi domain access policy

Hi all,

 

I need your help!

 

I configured a multi domain access policy in order to have SSO between two different web site. Users tipically login (by kerberos) on the first web site ( then try to access to the second web site ( SSO works correctly and I saw that each different web site set a new MRHSession cookie with the domain I set in SSO/Auth domains. As cookie scope, I'm using Domain.

 

What it happens is that if client asks to be logged out from the second web site ( it is logged out from the first too!

 

I tried using the logout URI in access policy configuration and I tried to kill the session removing cookie in an iRule on HTTP request without any success.

 

I'm wondering if exist a good way to kill the session cookie of the secondary site without killing the first one too.

 

In the past I noticed that the only way to have the session cookie and the access session removed in the same time is to redirect, in case of logout, to /vdesk/hangup.php3 but I don't want to use this option because I need to redirect user on a customized page that offer the opportunity to login back again using form authentication instead of kerberos.

 

Any suggestion?

 

thank you all for you help!!! Crs