Directory Programming .NET

Active Directory and ADAM programming support for .NET developers

Passing between realms, multiple logins

Last post 06-02-2008, 12:16 PM by natebell. 2 replies.
  •  05-30-2008, 1:58 PM 3753

    Passing between realms, multiple logins

    I've noticed that when I pass back and forth between realms and apps I get some odd behavior. Perhaps it's not odd, but by design.

    I can browse to one resource and login. Then I browse to a resource that doesn't accept the current ADFS signon, and I'm redirected to the login for that. I sign in with another account and gain access. Now I'm signed on as two different users. The apps see me as whoever signed in, so if I log out of the first app it shows me as logged out, but I still have access to the second app.

    I am then able to go to the realm selection, select the realm that I'm logged into on the second app, and get taken straight back to the first app, signed in already as the second login.

    I'm pretty sure that users won't be doing this, in my scenario, because users shouldn't have logins to multiple stores.

    I guess the solution to this would be to make sure your logout page deleted all cookies so that you would be logged out of every account partner, not just the one that got the logout request.

  •  06-01-2008, 9:44 PM 3760 in reply to 3753

    Re: Passing between realms, multiple logins

    Is it possible you have overlapping cookie paths or domains here? The _webSSOAuth cookie is unique per resource and per user, but it uses the same name in ADFS, so if the browser sends a cookie to the wrong app, bad things can happen. I had a lengthy blog post about this a while ago that goes into more details. It is very easy to accidentally create overlapping cookies.
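The cookie-scoping problem the reply above describes, as an added example that is not code from this thread, from ADFS or from the Directory Programming .NET site: a small model of the browser's RFC 6265 path-match and domain-match rules, showing why two applications that set a cookie with the same name (`_webSSOAuth`) at overlapping paths both end up receiving the other's cookie, and what a logout page that clears every scope of that cookie (the remedy suggested in the first post) looks like. The hostnames, paths and token values are constructed for illustration; the jar is a simplification and ignores expiry and the Secure/HttpOnly attributes.

```python
"""Toy cookie jar modelling RFC 6265 path-match and domain-match rules.

Added example (not ADFS code). Shows how two apps that set a cookie with the
same name at overlapping paths cause the browser to send both cookies to one
app, and how a logout that clears the cookie at every scope behaves.
Hosts, paths and token values below are constructed for illustration.
"""

from dataclasses import dataclass


@dataclass(frozen=True)
class Cookie:
    name: str
    value: str
    domain: str  # host or domain the cookie is scoped to
    path: str    # Path attribute as set by the server


def path_matches(request_path: str, cookie_path: str) -> bool:
    """RFC 6265 section 5.1.4: cookie path is a prefix of the request path and
    either ends in '/' or the next request-path character is '/'."""
    if request_path == cookie_path:
        return True
    if not request_path.startswith(cookie_path):
        return False
    return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"


def domain_matches(request_host: str, cookie_domain: str) -> bool:
    """RFC 6265 section 5.1.3: exact host match, or the cookie domain is a
    suffix of the host preceded by a '.' (a parent-domain cookie)."""
    request_host = request_host.lower()
    cookie_domain = cookie_domain.lower().lstrip(".")
    return request_host == cookie_domain or request_host.endswith("." + cookie_domain)


class CookieJar:
    def __init__(self) -> None:
        self._cookies: set = set()

    def set_cookie(self, cookie: Cookie) -> None:
        # Browsers key stored cookies by (name, domain, path); re-setting replaces.
        key = (cookie.name, cookie.domain, cookie.path)
        self._cookies = {c for c in self._cookies if (c.name, c.domain, c.path) != key}
        self._cookies.add(cookie)

    def cookies_for(self, host: str, path: str) -> list:
        """Cookies the browser would attach to a request for host + path,
        longest path first, as browsers order the Cookie header."""
        return sorted(
            (c for c in self._cookies
             if domain_matches(host, c.domain) and path_matches(path, c.path)),
            key=lambda c: (-len(c.path), c.name))

    def logout(self, name: str) -> int:
        """Delete every cookie with this name at every domain/path scope.
        Returns the number removed."""
        before = len(self._cookies)
        self._cookies = {c for c in self._cookies if c.name != name}
        return before - len(self._cookies)


HOST = "apps.example.test"  # constructed hostname


def overlapping_scenario() -> list:
    """App B set _webSSOAuth without a Path, so it defaulted to '/', which also
    covers App A's path. A request to App A now carries BOTH tokens."""
    jar = CookieJar()
    jar.set_cookie(Cookie("_webSSOAuth", "token-for-alice", HOST, "/AppA"))
    jar.set_cookie(Cookie("_webSSOAuth", "token-for-bob", HOST, "/"))
    return [c.value for c in jar.cookies_for(HOST, "/AppA/default.aspx")]


def isolated_scenario() -> list:
    """Each app scopes its cookie to its own path; App A sees only its own token."""
    jar = CookieJar()
    jar.set_cookie(Cookie("_webSSOAuth", "token-for-alice", HOST, "/AppA"))
    jar.set_cookie(Cookie("_webSSOAuth", "token-for-bob", HOST, "/AppB"))
    return [c.value for c in jar.cookies_for(HOST, "/AppA/default.aspx")]


def logout_everywhere() -> tuple:
    """Logout clears the cookie at every scope, so the second app is signed
    out too rather than only the app that received the logout request."""
    jar = CookieJar()
    jar.set_cookie(Cookie("_webSSOAuth", "token-for-alice", HOST, "/AppA"))
    jar.set_cookie(Cookie("_webSSOAuth", "token-for-bob", HOST, "/AppB"))
    removed = jar.logout("_webSSOAuth")
    return removed, [c.value for c in jar.cookies_for(HOST, "/AppB/")]


if __name__ == "__main__":
    print("overlapping paths:", overlapping_scenario())  # both tokens sent
    print("isolated paths:   ", isolated_scenario())     # only App A's token
    print("logout everywhere:", logout_everywhere())     # (2, [])
```

The check to carry over to a real deployment is the one `cookies_for` performs: for each application URL, list the cookies the browser would attach and confirm that exactly one `_webSSOAuth` cookie matches. Note that `/AppA` does not match `/AppAx` (the path rule requires a `/` boundary), but a cookie at `/` matches every path on the host, and a cookie set on a parent domain matches every subdomain.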

  •  06-02-2008, 12:16 PM 3766 in reply to 3760

    Re: Passing between realms, multiple logins

    I will look into the cookie paths. I'm not too concerned right now because no user should be bouncing back and forth as often (if at all) as I am while testing.