Destroy Session on the logout

[Waleedviews]

Hi Guys,

I have installed the library and so far everything working very perfect. I have a question regarding the session destroy, is there any way to destroy all the active sessions of the application?

getLogoutURL() logout me from the idp provider however when i re try to access my custom application it still shows that my sessions are active.

My code:

require_once('lib/_autoload.php');
$as = new SimpleSAML_Auth_Simple('default-sp');
 if($as->isAuthenticated()){
	$attributes = $as->getAttributes();
	$email = $attributes['useremailaddress'][0];
	$authemail = $email;
	$idpaccess = "idpaccessauth";
	$session = SimpleSAML_Session::getSessionFromRequest();
	$session->cleanup();
	$_SESSION['emailemp'] = $authemail;
	$_SESSION['idpaccess'] = $idpaccess;
	redirect("".SITE. "data.php");
}else{
  echo "Not authenticated";
  $as->requireAuth();
}

thank you

[tvdijen]

Maybe your IdP doesn't support single logout..
Can you verify that your IDP sends a LogoutResponse back to you?

The alternative is that you destroy the session in your application before redirecting to the logoutURL