Skip to Content

How to log out of Java app with SAP integration?

Hi folks,

I have configured SAP J2EE Engine 6.20 to integrate with SAP, using SAP Logon Tickets. This works really well - my users log in to the Java web app, are authenticated against an R/3 system which issues a logon ticket, and they can then call RFCs using this ticket.

My problem is that I cannot get "Logoff" to work in my app. I have a link which takes the user to a page where Session.invalidate() is called, and I try to overwrite all cookies (including MYSAPSSO2) on both client and server. Whatever I do, the MYSAPSSO2 cookie remains, so the user can go straight back in without re-authenticating.

My logout.jsp is:

<% // Shutdown the session session.invalidate(); // Create cookie to overwrite those in the browser Cookie mysapsso2 = new Cookie("MYSAPSSO2",""); // Set MaxAge to zero, which should delete the cookie mysapsso2.setMaxAge(0); // Add to the Response so it takes effect response.addCookie(mysapsso2); %>

Can anyone help?

Thanks,

Darren

Add comment
10|10000 characters needed characters exceeded

  • Follow
  • Get RSS Feed

1 Answer

  • author's profile photo
    Former Member
    Posted on Feb 03, 2004 at 08:23 PM

    Hi Darren

    You could remove cookie from client with following code:

    Cookie cookie = null;

    cookie = new Cookie("MYSAPSSO2", "");

    cookie.setMaxAge(0);

    response.addCookie(cookie);

    // !!!!!! you must not set version of cookie

    This code works by me. If it does not work by you please could you make trace of http requests and responses and send them to velin.doychinov@sap.com.

    Best regards

    Velin Doychinov

    p.s. Sorry but I have not succed to login with my user in SDN

    Add comment
    10|10000 characters needed characters exceeded

    • I finally succeeded, by using JavaScript code in the client.

      The key was to set both the path and domain of the cookie - otherwise it didn't replace the original SSO cookie.

      <%@ page language="java" import="com.xeroxeurope.xsap.ebiz.GlobalConstants"%><%

      String basePath = request.getContextPath()+"/";

      // Shutdown the session

      String homepage = (String)session.getAttribute(GlobalConstants.HOMEPAGE);

      session.invalidate();

      %><script language="JavaScript" src="<%=basePath%>scripts/cookies.js"></script>

      <script>

      old = new Date(0);

      cookiedomain = document.domain.substr(document.domain.indexOf(".")+1);

      SetCookie('MYSAPSSO2',null,old,'/',cookiedomain);

      SetCookie('JSESSIONID',null,old,'/',cookiedomain);

      homepage="<%=(homepage==null)?basePath:homepage%>";

      location.replace(homepage);

      </script>