on 02-02-2004 7:43 PM
Hi folks,
I have configured SAP J2EE Engine 6.20 to integrate with SAP, using SAP Logon Tickets. This works really well - my users log in to the Java web app, are authenticated against an R/3 system which issues a logon ticket, and they can then call RFCs using this ticket.
My problem is that I cannot get "Logoff" to work in my app. I have a link which takes the user to a page where Session.invalidate() is called, and I try to overwrite all cookies (including MYSAPSSO2) on both client and server. Whatever I do, the MYSAPSSO2 cookie remains, so the user can go straight back in without re-authenticating.
My logout.jsp is:
<% // Shutdown the session session.invalidate(); // Create cookie to overwrite those in the browser Cookie mysapsso2 = new Cookie("MYSAPSSO2",""); // Set MaxAge to zero, which should delete the cookie mysapsso2.setMaxAge(0); // Add to the Response so it takes effect response.addCookie(mysapsso2); %> <script> // Delete the cookie client-side by setting an expiration date in the past // ("SetCookie()" from <a href="http://www.curiouscat.com/cookies/example.cfm" TARGET="test_blank">http://www.curiouscat.com/cookies/example.cfm</a> SetCookie("MYSAPSSO2","", new Date(95,11,17)); // Now go to the initial home page var start="<%=request.getContextPath()%>/AccountMan.do"; location.replace(start); </script>
Can anyone help?
Thanks,
Darren
Hi Darren
You could remove cookie from client with following code:
Cookie cookie = null;
cookie = new Cookie("MYSAPSSO2", "");
cookie.setMaxAge(0);
response.addCookie(cookie);
// !!!!!! you must not set version of cookie
This code works by me. If it does not work by you please could you make trace of http requests and responses and send them to velin.doychinov@sap.com.
Best regards
Velin Doychinov
p.s. Sorry but I have not succed to login with my user in SDN
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I finally succeeded, by using JavaScript code in the client.
The key was to set both the path and domain of the cookie - otherwise it didn't replace the original SSO cookie.
<%@ page language="java" import="com.xeroxeurope.xsap.ebiz.GlobalConstants"%><%
String basePath = request.getContextPath()+"/";
// Shutdown the session
String homepage = (String)session.getAttribute(GlobalConstants.HOMEPAGE);
session.invalidate();
%><script language="JavaScript" src="<%=basePath%>scripts/cookies.js"></script>
<script>
old = new Date(0);
cookiedomain = document.domain.substr(document.domain.indexOf(".")+1);
SetCookie('MYSAPSSO2',null,old,'/',cookiedomain);
SetCookie('JSESSIONID',null,old,'/',cookiedomain);
homepage="<%=(homepage==null)?basePath:homepage%>";
location.replace(homepage);
</script>
User | Count |
---|---|
86 | |
10 | |
10 | |
9 | |
7 | |
7 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.