I have configured SAP J2EE Engine 6.20 to integrate with SAP, using SAP Logon Tickets. This works really well - my users log in to the Java web app, are authenticated against an R/3 system which issues a logon ticket, and they can then call RFCs using this ticket.
My problem is that I cannot get "Logoff" to work in my app. I have a link which takes the user to a page where Session.invalidate() is called, and I try to overwrite all cookies (including MYSAPSSO2) on both client and server. Whatever I do, the MYSAPSSO2 cookie remains, so the user can go straight back in without re-authenticating.
My logout.jsp is:
<% // Shutdown the session session.invalidate(); // Create cookie to overwrite those in the browser Cookie mysapsso2 = new Cookie("MYSAPSSO2",""); // Set MaxAge to zero, which should delete the cookie mysapsso2.setMaxAge(0); // Add to the Response so it takes effect response.addCookie(mysapsso2); %>
Can anyone help?