We are experiencing an issue in which a user changes their logon password using a thick client application, but is unable to use the changed password when connecting to the same password store through the SALT gateway.
We suspect that either the browser or the SALT Gateway itself is caching the password. How is this designed to work? Do we have to send something in the header to force it use the password being sent?
We suspect the user is submitting the logon request from an existing browser window which authenticated against SALT prior to them changing the password in the thick client.