What is the best practice for this scenario?
A user logs in to a machine and starts to browse. At this time this user is authenticated and his session is about 600 seconds. If this user then logs out and another user logs in to this machine, the last user's session is still active. I want to change the authentication to this other user.
What is the best practice? What is the way to do this? Today I have to wait these 600 seconds until the session changes. I don't want to decrease this value unless there is a way to force logout of this user manually in MWG.
That is a limitation of the deployment method you are using. There have been attempts to try and make a "logout" button, but I believe they have typically failed or never worked completely.
An authentication session can be destroyed by setting the user name to some predefined value like "-".
1. Try to authenticate user. Action: continue.
2. If user name is "-" and URL is logout page, e.g. http://logout, then Action: Block with custom logout template.
3. If user is not authenticated or URL is logout page then Action: Authenticate.
Authentication server logic:
1. If URL.Redirect is logout page:
   - Set Authentication.IsAuthenticated to true
   - Set Authentication.UserName to "-"
   - Action: Redirect back from authentication server
2. Do normal authentication with login page/proxy auth.
User1 accesses http://logout before he leaves; as a result his session is overwritten and the user name is set to "-". When User2 calls any URL, the proxy detects the invalid session and forces authentication.
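
A small Python model of the rule logic described in the reply above, added here as an illustration (it is not MWG rule syntax and not code from the thread). It assumes sessions are keyed by client IP and that a session carrying the user name "-" counts as not authenticated; the `Proxy` class, its method names and the return strings are hypothetical.

```python
import time

SESSION_TTL = 600              # seconds, the session length from the question
LOGOUT_URL = "http://logout"   # example logout URL from the reply
LOGGED_OUT = "-"               # predefined user name marking a destroyed session


class Proxy:
    """Toy model of the proxy rules plus the authentication server."""

    def __init__(self, clock=time.monotonic):
        self.sessions = {}     # client_ip -> (user_name, expires_at); keying is an assumption
        self.clock = clock

    def _lookup(self, ip):
        entry = self.sessions.get(ip)
        if entry and entry[1] > self.clock():
            return entry[0]
        self.sessions.pop(ip, None)    # expired or missing
        return None

    def auth_server(self, ip, url, credentials):
        if url == LOGOUT_URL:
            # Server rule 1: overwrite the session with the sentinel user name.
            user = LOGGED_OUT
        else:
            # Server rule 2: normal authentication (credential check is stubbed).
            # The sentinel must never be accepted as a real user name.
            if credentials in (None, LOGGED_OUT):
                return "LOGIN_REQUIRED"
            user = credentials
        self.sessions[ip] = (user, self.clock() + SESSION_TTL)
        return "REDIRECT_BACK"

    def request(self, ip, url, credentials=None):
        user = self._lookup(ip)                              # proxy rule 1
        if user == LOGGED_OUT and url == LOGOUT_URL:         # proxy rule 2
            return "BLOCK:logout-template"
        if user in (None, LOGGED_OUT) or url == LOGOUT_URL:  # proxy rule 3
            result = self.auth_server(ip, url, credentials)
            if result == "REDIRECT_BACK":
                return self.request(ip, url, credentials)    # client follows the redirect
            return result
        return f"ALLOW:{user}"
```

The model also shows why the sentinel value has to be excluded from valid user names: if "-" could authenticate normally, the proxy could not tell a live session from a destroyed one.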