Forum Discussion
CirrostratusSAP cookie not released after Logout
Hi Karthik,
Please find below an example,
when HTTP_REQUEST { set apm_cookie [HTTP::cookie MRHSession] if { ([ACCESS::session exists -sid $apm_cookie]) } { set uri [ACCESS::session data get session.server.landinguri] ACCESS::session remove HTTP::respond 302 noserver "Location" "$uri" "Cache-Control" "no-cache, must-revalidate" Set-Cookie "MRHSession=deleted;expires=Thu, 01-Jan-1970 00:00:10 GMT;domain=[HTTP::host];path=/" Set-Cookie "LastMRH_Session=deleted;expires=Thu, 01-Jan-1970 00:00:10 GMT;domain=[HTTP::host];path=/" } }You should specify "domain=[HTTP::host]" if you set your the hostname in the Domain SSO settings on your access profile.
You can also set the uri you want to redirect the user to after logout.
Alternatively, you can answer with a custom logout response instead of 302 redirect :
HTTP::respond 200 content [ifile get hangup.html] noserver "Content-Type" "text/html" "Cache-Control" "no-cache, must-revalidate" Set-Cookie "MRHSession=deleted;expires=Thu, 01-Jan-1970 00:00:10 GMT;domain=[HTTP::host];path=/" Set-Cookie "LastMRH_Session=deleted;expires=Thu, 01-Jan-1970 00:00:10 GMT;domain=[HTTP::host];path=/"and of course you can force another cookie deletion like for MYSAPSSO2 for example :
Set-Cookie "MYSAPSSO2=deleted;expires=Thu, 01-Jan-1970 00:00:10 GMT;domain=[HTTP::host];path=/"Hope this help you.
NacreousHello,
If the logout uri in the access profile match the logout uri of the app, the logout should occurs on both systems.
Another way is to configure the app to redirect users to /vdesk/hangup.php3 when they logout from the app.
I have also defined my own irule that delete MRS_Session, LastMRH_Session and for example a jsessionid cookies on the browser side. In the same time, the irule issue an ACCESS::remove command to kill the APM session. To delete cookies, you insert cookie in the response with an expiration date at 1 jan 1970.
Cirrostratus