SAP cookie not released after Logout
- May 13, 2016
Hi Karthik,
Please find below an example,
when HTTP_REQUEST {
    # Read the APM session cookie sent by the browser
    set apm_cookie [HTTP::cookie MRHSession]
    if { ([ACCESS::session exists -sid $apm_cookie]) } {
        # Redirect target: the landing URI stored in the session
        set uri [ACCESS::session data get session.server.landinguri]
        # Remove the APM session, then expire both APM cookies in the browser
        ACCESS::session remove
        HTTP::respond 302 noserver "Location" "$uri" "Cache-Control" "no-cache, must-revalidate" \
            Set-Cookie "MRHSession=deleted;expires=Thu, 01-Jan-1970 00:00:10 GMT;domain=[HTTP::host];path=/" \
            Set-Cookie "LastMRH_Session=deleted;expires=Thu, 01-Jan-1970 00:00:10 GMT;domain=[HTTP::host];path=/"
    }
}
You should specify "domain=[HTTP::host]" if you set the hostname in the Domain SSO settings on your access profile.
You can also set the uri you want to redirect the user to after logout.
Alternatively, you can answer with a custom logout response instead of a 302 redirect:
HTTP::respond 200 content [ifile get hangup.html] noserver "Content-Type" "text/html" "Cache-Control" "no-cache, must-revalidate" \
    Set-Cookie "MRHSession=deleted;expires=Thu, 01-Jan-1970 00:00:10 GMT;domain=[HTTP::host];path=/" \
    Set-Cookie "LastMRH_Session=deleted;expires=Thu, 01-Jan-1970 00:00:10 GMT;domain=[HTTP::host];path=/"
And of course you can force another cookie deletion, for MYSAPSSO2 for example:
Set-Cookie "MYSAPSSO2=deleted;expires=Thu, 01-Jan-1970 00:00:10 GMT;domain=[HTTP::host];path=/"
Hope this helps you.
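A check for the domain point in the post above, as an added example that is not code from the thread: a browser only drops a cookie when the expiring Set-Cookie matches the stored cookie's name, domain and path, so this compares the headers that issued the cookies with the ones the logout response sends. The host portal.example.com, the issued headers and all function names are constructed for illustration; the logout headers are the thread's, with [HTTP::host] expanded.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, attrs); attribute names are lower-cased."""
    first, *rest = [p.strip() for p in header.split(";")]
    attrs = {}
    for part in rest:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return first.partition("=")[0].strip(), attrs

def cookie_key(name, attrs, host):
    """Identity a browser stores a cookie under (RFC 6265bis): name, domain or host-only, path."""
    domain = attrs.get("domain", "").lstrip(".").lower()
    # Simplification: a missing Path is treated as "/"; browsers derive it from the request URI.
    return (name, domain or "host-only:" + host.lower(), attrs.get("path") or "/")

def is_expired(attrs, now):
    """True if the attributes tell the browser to drop the cookie."""
    if "max-age" in attrs:  # Max-Age takes precedence over Expires
        try:
            return int(attrs["max-age"]) <= 0
        except ValueError:
            pass  # unparsable Max-Age: fall through to Expires
    try:
        return parsedate_to_datetime(attrs["expires"]) <= now
    except (KeyError, TypeError, ValueError):
        return False  # no usable expiry: the header sets a cookie instead of deleting one

def surviving_cookies(issued, logout, host, now=None):
    """Keys of issued cookies that no Set-Cookie header in the logout response expires."""
    now = now or datetime.now(timezone.utc)
    expired = {cookie_key(n, a, host)
               for n, a in map(parse_set_cookie, logout) if is_expired(a, now)}
    issued_keys = (cookie_key(n, a, host) for n, a in map(parse_set_cookie, issued))
    return sorted(k for k in issued_keys if k not in expired)

HOST = "portal.example.com"  # constructed host name
EXP = "expires=Thu, 01-Jan-1970 00:00:10 GMT"
LOGOUT = [f"{n}=deleted;{EXP};domain={HOST};path=/"
          for n in ("MRHSession", "LastMRH_Session", "MYSAPSSO2")]
# Constructed issuance headers: one set with a Domain attribute, one host-only.
ISSUED_WITH_DOMAIN = [f"MRHSession=abc; domain={HOST}; path=/",
                      f"LastMRH_Session=abc; domain={HOST}; path=/",
                      "MYSAPSSO2=ticket; domain=.example.com; path=/"]
ISSUED_HOST_ONLY = ["MRHSession=abc; path=/", "LastMRH_Session=abc; path=/"]

if __name__ == "__main__":
    print(surviving_cookies(ISSUED_WITH_DOMAIN, LOGOUT, HOST))
    print(surviving_cookies(ISSUED_HOST_ONLY, LOGOUT, HOST))
```

Any key the function returns is a cookie the browser still holds after logout; feed it the Set-Cookie headers captured from a real login and logout to confirm the deletion attributes match.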
- Karthik_Krishn1, May 15, 2016
Thanks for the code. We actually fixed the issue in a slightly different manner. When the user clicks on the Logout button, our SAP application closes the sessions, invalidates the cookie and issues a redirect to /irj/portal, and the referer is "portalname.domain.com". So what we did is as below. We essentially introduced a delay before the hangup was initiated.
when HTTP_REQUEST {
    if { [string tolower [HTTP::uri]] equals "/irj/portal" and [string tolower [HTTP::header "Referer"]] equals "https://portal.domain.com/irj/portal" } {
        HTTP::respond 302 noserver Location "https://[HTTP::header host]/vdesk/hangup.php3"
    }
}