I have a problem with this scenario, but I don't know how to solve it:
- USER_A from the application starts an OIDC login procedure with username/email MAIL_A
- no logout is called, so the session in Keycloak and the local cookies are not invalidated and are related to MAIL_A.
- USER_A now starts a new OIDC login procedure using a different username, MAIL_B
- Keycloak still recognises USER_A as authenticated with the account related to MAIL_A and not related to MAIL_B

How can I avoid this?
Is there a way to invalidate the Keycloak session since it was created for the account MAIL_A and not for MAIL_B?
Thanks in advance.