Azure B2C using another account, but session retains earlier logged in user account

Sowmithiran, Anand 0 Reputation points
2023-09-19T14:40:45.6+00:00

Steps to repro the issue:

  1. Click a sign in user flow in your B2C directory
  2. complete the Login steps, including MFA if configured
  3. Now, without closing the browser, visit the same "sign in" user flow link again
  4. This time, it will show "Pick an account" dialog, select "Use another account" option
  5. It will take you to next screen where you can enter email address to login as different user
  6. In the next screen, it will display the username of the user logged in step # 2 above, not the newly entered user email or name in step 5

This is reproducible in the Azure B2C directory, with the Sign In only user flow, and also the "Sign up and Sign In" user flow. Please check this issue and fix it. Additional info: this happens especially when the WebView2 control is used in a Windows Forms application, and the user flow link is navigated to programmatically.

Hope this helps to troubleshoot this easier.

Microsoft Security | Microsoft Entra | Microsoft Entra ID
Microsoft Security | Microsoft Graph

1 answer

  1. Alfredo Revilla - Upwork Top Talent | IAM SWE SWA 27,526 Reputation points Moderator
    2023-10-19T23:08:18.4733333+00:00

    Hello @Sowmithiran, Anand, after reviewing your HAR we have found that the issue does not lie in Azure AD B2C or your Win Forms application: During the first login UserA signed in and established a logon session within ADFS. This session is valid for 8 hours (default WebSSOLifetime), till the user has performed a logout, closes the browser (assuming the feature "continue where you left off" is not enabled in browsers), or the application (Entra ID) requests a fresh login using the parameter &prompt=login or &wfresh=0&wauth=<password>. None of the aforementioned has been done, so when again redirecting to ADFS, it detects that you are already logged on with user A and performs SSO, issuing you a new token for user A. Please ensure one of the aforementioned conditions is met so that a new user gets signed in.

    Let us know if you need additional assistance. If the answer was helpful, please accept it and rate it so that others facing a similar issue can easily find a solution.
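The answer above lists two ways to stop the identity provider from silently reusing the first user's logon session: end the browser session, or send `prompt=login` on the authorization request. The following C# snippet is an added example (not code from the question, the answer, or Microsoft) showing both for a Windows Forms app that drives a WebView2 control programmatically. The tenant, policy, client id, redirect URI and the `webView` field are placeholders you would replace with your own values; the authorize URL shape is the documented Azure AD B2C v2.0 endpoint form.

```csharp
// Added example: force a fresh sign-in when a WinForms app re-navigates a WebView2
// control to an Azure AD B2C user-flow URL. All names are assumptions for illustration.
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Threading.Tasks;
using Microsoft.Web.WebView2.WinForms;

public static class B2CSignIn
{
    // Builds the authorize URL for a B2C user flow (policy). With forceLogin = true the
    // request carries prompt=login, so B2C asks for credentials instead of reusing its
    // own session. Whether that is forwarded to a federated ADFS depends on the
    // identity-provider configuration in B2C and is outside this example.
    public static string BuildAuthorizeUrl(string tenant, string policy, string clientId,
                                           string redirectUri, bool forceLogin)
    {
        var query = new Dictionary<string, string>
        {
            ["client_id"] = clientId,
            ["response_type"] = "id_token",
            ["redirect_uri"] = redirectUri,
            ["scope"] = "openid",
            ["response_mode"] = "form_post",
            ["nonce"] = RandomToken(),   // replay protection: checked against the id_token
            ["state"] = RandomToken(),   // CSRF protection: checked when the redirect returns
        };
        if (forceLogin)
            query["prompt"] = "login";

        var parts = new List<string>();
        foreach (var kv in query)
            parts.Add(Uri.EscapeDataString(kv.Key) + "=" + Uri.EscapeDataString(kv.Value));

        return $"https://{tenant}.b2clogin.com/{tenant}.onmicrosoft.com/{policy}" +
               $"/oauth2/v2.0/authorize?{string.Join("&", parts)}";
    }

    // Navigates the WebView2 control to the sign-in URL. Deleting the control's cookies
    // first is the WebView2 equivalent of closing the browser: the B2C and ADFS session
    // cookies live in the WebView2 profile, not in the app, and would otherwise let the
    // identity provider sign user A in again without prompting. Note that this clears
    // cookies for every site the control has visited, not only the login endpoints.
    public static async Task NavigateToSignInAsync(WebView2 webView, string url, bool clearCookies)
    {
        await webView.EnsureCoreWebView2Async();
        if (clearCookies)
            webView.CoreWebView2.CookieManager.DeleteAllCookies();
        webView.CoreWebView2.Navigate(url);
    }

    // 32 random bytes, hex-encoded, from the platform CSPRNG.
    private static string RandomToken()
    {
        var buf = new byte[32];
        using (var rng = RandomNumberGenerator.Create())
            rng.GetBytes(buf);
        return BitConverter.ToString(buf).Replace("-", string.Empty);
    }
}

// Usage from a form, e.g. in a "Switch user" button handler (placeholder values):
//
// var url = B2CSignIn.BuildAuthorizeUrl(
//     tenant: "contoso", policy: "B2C_1_signin", clientId: "<your-app-client-id>",
//     redirectUri: "https://localhost/signin-oidc", forceLogin: true);
// await B2CSignIn.NavigateToSignInAsync(webView21, url, clearCookies: true);
```

Either measure on its own addresses a different session: `prompt=login` tells the identity provider not to trust what it already has, while clearing the WebView2 cookie jar removes the session the reproduction steps were relying on. Your app still has to keep the generated `state` and `nonce` and verify them on the redirect back; the snippet only generates them.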
