Skip to Content
author's profile photo Former Member
Former Member

Delete MYSAPSSO2 cookie on client side

Hi,

is there a possibility to delete the MYSAPSSO2 cookie on client side from a BSP?

I want to force the user to enter his password and userid again after visiting a special BSP.

Regards

Daniel

Add a comment
10|10000 characters needed characters exceeded

Related questions

4 Answers

  • Posted on Jun 01, 2005 at 07:10 AM

    check out BSP application <b>system</b> and pages

    session_buffered_frame.htm

    session_single_frame.htm

    pages for the sample code.

    Regards

    Raja

    Add a comment
    10|10000 characters needed characters exceeded

  • author's profile photo Former Member
    Former Member
    Posted on Jun 01, 2005 at 10:11 AM

    Thanks Raja,

    but these sides dont solve my problem, because to delete the cookie i have to close the browser. Without closing the Browser only the session is closed. If I press my browser´s "back-button" i can reach my last bsp, even without entering my userid and password.

    So the cookie must still exist and is not deleted from the BSP.

    Add a comment
    10|10000 characters needed characters exceeded

    • I may suggest to redirect your users to a logoff.htm page that contains the following code:

      <html>

      <script language="JavaScript">

      // Delete the cookie with the specified name.

      function DelSso2Cookie(sName,sPath)

      {

      // 2 livels

      var sso2Domain = location.hostname;

      if (location.hostname.indexOf(".")>0)

      sso2Domain = location.hostname.substr(location.hostname.indexOf(".")+1);

      p="";

      if(sPath)p=" path="sPath";";

      document.cookie = sName"=0; expires=Fri, 31 Dec 1999 23:59:59 GMT;"p + "domain="sso2Domain";";

      // 3 livels

      sso2Domain = location.hostname;

      p="";

      if(sPath)p=" path="sPath";";

      document.cookie = sName"=0; expires=Fri, 31 Dec 1999 23:59:59 GMT;"p + "domain="sso2Domain";";

      }

      </script>

      <META HTTP-EQUIV=Refresh CONTENT="0; URL=/myHomePage">

      <BODY onLoad='DelSso2Cookie("MYSAPSSO2","/");'>

      Logging off...

      </BODY>

      </html>

      This page will delete the cookie and will redirect to a page that you can set in the URL parameter of the <META HTTP-EQUIV=Refresh statement..

  • author's profile photo Former Member
    Former Member
    Posted on Jun 02, 2005 at 07:02 AM

    Thanks for your help.

    i tried your code Serigio, but i was redirected to my next page without asking for my userid or password. So I think the cookie was not deleted.

    Perhaps the only chance to force the user to reenter userid and password is to close the browser.

    Add a comment
    10|10000 characters needed characters exceeded

    • It's strange. To me it works fine.

      Are you able to check which cookies are present in the browser?

      In IE you can type in the URL javascript:document.cookie;

      The Firefox extension Web Developer provide you with the function Information - View cookie information.

      I suppose that the cookie is deleted but not the session.

      Are you going from one BSP application to the other or just jumping between pages of the same application?

  • author's profile photo Former Member
    Former Member
    Posted on Jun 03, 2005 at 06:05 AM

    You are right. Your code works fine. The cookie is deleted. But I still have the Problem that the user is not asked for his password and userid. It dosent matter if the side is from the same bsp-application or from another.

    Add a comment
    10|10000 characters needed characters exceeded

    • It is probably because you also have a basic authentication header set. Once you have this popup to ask for name+password, you have effectively lost. Only thereafter is the sso2 cookie set. So you have two sources of authentication data. The trick is to use some form of formbased logon (ex: 620 our system application) that gets the sso2 cookie set without requiring basic authentication.

      Authentication is unfortunately a very complex problem. You will have to understand all of it to achieve you goals. One , for IE6.1SPxyz (only!), there is a technique to delete the basic authentication header.

      For the record: there is a planned change that will make it impossible to delete the SSO2 cookie in the browser. No timeframe has been set yet. Then you have to delete the cookie via a server roundtrip.

Before answering

You should only submit an answer when you are proposing a solution to the poster's problem. If you want the poster to clarify the question or provide more information, please leave a comment instead, requesting additional details. When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Also, please make sure that you answer complies with our Rules of Engagement.
You must be Logged in to submit an answer.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MB each and 10.5 MB total.