Forum Discussion

jk303's avatar
Icon for Nimbostratus rankNimbostratus
Jan 16, 2018

APM logout URI with REDIRECT back to my.policy

Hi, I have APM policy configured to look for Logout URI include link, so that when user clicks the logout button within the app, which matches the APM URI Logout URI link, it will kill the session of the user on the APM.


What I would LIKE to do is, when user actually clicks on logout link and APM kills the session, send the user BACK to the my.policy page (original login page).


Is there a way to do this within APM? Or is this something I must do within iRule? (but then if I do iRule - will the iRule executes faster 302 than the APM has chance to kill the session?)


Thanks for input!


1 Reply

  • Hi,

    iRule event HTTP_REQUEST is triggered before LTM forwards traffic to APM. After the server answers APM is working on the traffic and then HTTP_RESPONSE is triggered before submitting the answer to the client.

    If you want to do it with iRules this could look like the following sample. It detects logout request URI but first forwards it to the backend system (so it can terminate application sessions) and then terminates the APM session when backend answers.

     Provides logout detection for SAP Netweaver with APM 11.5.x in Portal Access Mode
    when HTTP_REQUEST { 
      set debug 0
      set uri [HTTP::uri]
      set host [HTTP::host]
      set apm_logout_request 0
      if { $debug eq 1 } { log "HTTP [HTTP::method] request to URL https://${host}${uri}" }
      if {$uri ends_with "/irj/servlet/prt/portal/prtroot/" } {
        if { $debug eq 1 } { log "SAP Netweaver Logout URI $uri detected. Checking for session..." }
        set apm_cookie [HTTP::cookie value MRHSession]
        if { $apm_cookie != "" && [ACCESS::session exists $apm_cookie] } {
          set apm_state [ACCESS::session data get "session.policy.result"]
          if { $debug eq 1 } { log "Received Cookie MRHSession=$apm_cookie for existing session in state $apm_state" }
          set apm_logout_request 1
    when HTTP_RESPONSE {
      if { $apm_logout_request eq 1 } {
        log "Performing APM session logout for MRHSession=$apm_cookie session in state $apm_state"
        ACCESS::session remove -sid $apm_cookie
        HTTP::respond 302 noserver Location "https://$host/irj/portal" Connection close Set-Cookie "MRHSession=deleted;path=/;secure;expires=Thu, 01 Jan 1970 00:00:00 GMT" Set-Cookie "LastMRH_Session=deleted;path=/;secure;expires=Thu, 01 Jan 1970 00:00:00 GMT"
        event disable all