Select the product you need help with
- Internet Explorer
- Windows Phone
- More products
Users can't sign out of Office 365 web services
Article ID: 2507767 - View products that this article applies to.
Not sure what release of Office 365 you're using? Go to the following Microsoft website:
Am I using Office 365 after the service upgrade?
Users experience one of the following scenarios in Microsoft Office 365:
For example, when the user clicks Sign out, the user isn't signed out of the web service. Instead, the web browser reloads the current webpage.
To work around this behavior and sign in to Office 365 resources as a different user, use one of the following methods.
Method 2Use the InPrivate Browsing feature in Internet Explorer to access Office 365 web services.
Method 3Remove microsoftonline.com entries from the Trusted sites zone and from the Local Intranet zone in Internet Explorer.
Note This method doesn't work for Scenario 1 of the "Symptoms" section.
This behavior is by design. Office 365 web sessions are maintained by web browser cookies.
The sign-out process for web services forces the session cookies to expire. These session cookies are used to maintain the application session. However, because the web browser is still running, the user still has a valid authentication cookie and isn't required to sign in to the resource again. By default, this authentication cookie is valid for eight hours. It is force-cleared only when the user closes the web browser.
Therefore, when the web browser tries to reload the application sign-in screen when a user signs out, the session cookie is cleared. However, the web browser is instantly authenticated by the authentication cookie. This authentication signs the user back in to the web application, and a new session cookie is generated.
All web portals store a session cookie in memory that has a Time to Live (TTL) value. When the session cookie expires, the web browser is redirected to the logon server to obtain a new service token at the following website:
https://login.microsoftonline.comWhen the web browser is closed, the session cookie is removed from memory, and the user must sign in again. However, web services maintain a cookie for several hours. This means that the following conditions are true:
Still need help? Go to the Office 365 Community
Article ID: 2507767 - Last Review: May 31, 2013 - Revision: 25.0