Skip to Content
author's profile photo Former Member
Former Member

Using SYSTEM BSP for logon

Hello everybody,

we changed our WebAS to create and accept SSO2 cookies, because we need the functionality of logging off without closing the browser completly. Because we wanted to be sure that the user is logged off when jumping to another page or closing the window, we tried to use the session_single_frame.htm from the system BSP. Unfortunately, if you hit the refresh button of the browser, you get logged off.

Has anybody an idea how to deal with this??

Also additional information about the system BSP pages would be great.

Thanks for your help.

ALEX

Add comment
10|10000 characters needed characters exceeded

1 Answer

  • Posted on Nov 13, 2003 at 12:29 PM

    Hallo Alex,

    There is an old saying "do not look a gifted horse in the mouth". And unfortunately the session_single_frame.htm is such an animal. It is an example that we build to show some ideas. However, there are a number of other open problems, so that this just can not be considered a complete solution.

    Never the less, let me write you some ideas. Maybe you can build on that.

    First: what do we do? We install a simple <frame>, and load the application inside this frame. So as long as the application keeps working the <frame> is not changed. Then inside this <frame> we hook the onUnload event. When this event is fired, we do the open window stuff and try to clear the session quickly.

    This event is usually fired in two cases: (1) the user types in a new URL in the browser (or click on favourites). In this case, it is correct that we want the session cleared. Nr (2) is when the browser is closed. (Ultra important: this feature is not supported by Netscape!). In this case also we want the session to be closed.

    And now you have the refresh problem. However, refresh effectively reduces to (1) above. It is as if the user typed in the URL new, and the browser starts working again new. As it is not possible to know why the onUnLoad is triggered (we do not know the target URL), we can not distinguish between these two cases. (We have never found a solution for this!)

    There is one of two workarounds you can consider:

    (1) Start you application in a new window, and hide the menu bar. This is what most people do.

    (2) Write you own wrapper <frame> and do not hook the unOnLoad. Provide a "logoff" button. Hope every day that people will press the logoff, and not just navigate away. In this case the refresh should work correctly. (But you open yourself for other nasty problems.)

    All in all, we do not know of a way to catch the refresh button. (We have something in the pipeline to prevent back navigation, but this is still to be checked whether we want to publish it. If we do, you will know.)

    Two more remarks:

    (*) Look at BSP application ITSM.

    (*) The documentation for SYSTEM application is in OSS note 517860.

    bye, brian

    Add comment
    10|10000 characters needed characters exceeded