Bug? InfoView SP4 logon using ivsLogonToken and start.do

Greetings to the forum.

We have developed a custom login page for accessing InfoView using the StartAction (start.do) IEnterpriseSession's logon tokens via ivsLogonToken parameters. Everything has worked quite nicely until we started functional tests with BOEXIr2 SP4. It looks like there is a new cookie key LOGOFF_TOKEN with value '1' being created during the LogoffAction. We assume this cookie is being used to prevent the users from using their browsers back button to access the InfoView. Our problem is that this value also seems to prevent access to the site for later logins as well when using the StartAction. Deleting the cookie manually does grant access normally.

This issue was found at least with Firefox browser.

BO has provided some official documentation for using the StartAction (e.g. inhttps://boc.sdn.sap.com/files/javaXI30.ppt). I have been trying to find some other sources for custom logins. Is there any documents provided by BO?

Now is there anyone following this forum who could confirm this being a bug (and tell me how to properly report this), and does BusinessObjects confirm that using the StartAction is officially supported (but IMHO poorly documented) feature?