Forum Discussion
s_martin_253133
Nimbostratus
NimbostratusiRule to clear session when traversing to new APM Profile
I have a request to add a "reset password" link on the logon page of our primary APM profile portal. I would like to have a link to a separate virtual server tied to a new APM profile which does not...
Yann_Desmarest_
Nacreous
NacreousHi,
You need to set a special value for MRHSession and LastMRH_Session cookies in the response to the client. For example, you can respond like in my example below :
HTTP::respond 302 noserver "Location" "/logout" "Content-Type" "text/html" "Cache-Control" "no-cache, must-revalidate" Set-Cookie "MRHSession=deleted;expires=Thu, 01-Jan-1970 00:00:10 GMT;domain=[HTTP::host];path=/" Set-Cookie "LastMRH_Session=deleted;expires=Thu, 01-Jan-1970 00:00:10 GMT;domain=[HTTP::host];path=/"The domain value in the cookie depends on how the cookie was set the first time. If it's not provided during authentication, you should remove "domain=[HTTP::host]" in the command.
You can also wait for the backend response and reset the cookie values :
HTTP::cookie insert name value [path ] [domain ] [version <0 | 1 | 2>]
practical example :
HTTP::cookie remove MRHSession
HTTP::cookie remove LastMRH_Session
HTTP::cookie insert name MRHSession value "expired"
HTTP::cookie insert name LastMRH_Session value "expired"
HTTP::cookie expires MRHSession 0 absolute
HTTP::cookie expires LastMRH_Session 0 absolute
Yann_Desmarest_Nacreous
NacreousDomain is the key! For example, Chrome will not allow you to delete a cookie without specifying the domain if the initial insertion was done by specifying the domain.