Forum Discussion

Cirrostratus

May 13, 2016

Solved

SAP cookie not released after Logout

Hello , we have a situation where when the user logs out of the portal by clicking on the "logout button" and logs out , another user login to the portal using the same browser instance gets si...

application delivery

BIG-IP Access Policy Manager (APM)

iRules

Yann_Desmarest_

May 13, 2016

Hi Karthik,

Please find below an example,

when HTTP_REQUEST {
    set apm_cookie [HTTP::cookie MRHSession]
    if { ([ACCESS::session exists -sid $apm_cookie]) } {
        set uri [ACCESS::session data get session.server.landinguri]
        ACCESS::session remove
        HTTP::respond 302 noserver "Location" "$uri" "Cache-Control" "no-cache, must-revalidate" Set-Cookie "MRHSession=deleted;expires=Thu, 01-Jan-1970 00:00:10 GMT;domain=[HTTP::host];path=/" Set-Cookie "LastMRH_Session=deleted;expires=Thu, 01-Jan-1970 00:00:10 GMT;domain=[HTTP::host];path=/"
    }
}

You should specify "domain=[HTTP::host]" if you set your the hostname in the Domain SSO settings on your access profile.

You can also set the uri you want to redirect the user to after logout.

Alternatively, you can answer with a custom logout response instead of 302 redirect :

HTTP::respond 200 content [ifile get hangup.html] noserver "Content-Type" "text/html" "Cache-Control" "no-cache, must-revalidate" Set-Cookie "MRHSession=deleted;expires=Thu, 01-Jan-1970 00:00:10 GMT;domain=[HTTP::host];path=/" Set-Cookie "LastMRH_Session=deleted;expires=Thu, 01-Jan-1970 00:00:10 GMT;domain=[HTTP::host];path=/"

and of course you can force another cookie deletion like for MYSAPSSO2 for example :

Set-Cookie "MYSAPSSO2=deleted;expires=Thu, 01-Jan-1970 00:00:10 GMT;domain=[HTTP::host];path=/"

Hope this help you.

Yann_Desmarest

Cirrus

May 13, 2016

Hi Karthik,

Please find below an example,

when HTTP_REQUEST {
    set apm_cookie [HTTP::cookie MRHSession]
    if { ([ACCESS::session exists -sid $apm_cookie]) } {
        set uri [ACCESS::session data get session.server.landinguri]
        ACCESS::session remove
        HTTP::respond 302 noserver "Location" "$uri" "Cache-Control" "no-cache, must-revalidate" Set-Cookie "MRHSession=deleted;expires=Thu, 01-Jan-1970 00:00:10 GMT;domain=[HTTP::host];path=/" Set-Cookie "LastMRH_Session=deleted;expires=Thu, 01-Jan-1970 00:00:10 GMT;domain=[HTTP::host];path=/"
    }
}

You should specify "domain=[HTTP::host]" if you set your the hostname in the Domain SSO settings on your access profile.

You can also set the uri you want to redirect the user to after logout.

Alternatively, you can answer with a custom logout response instead of 302 redirect :

HTTP::respond 200 content [ifile get hangup.html] noserver "Content-Type" "text/html" "Cache-Control" "no-cache, must-revalidate" Set-Cookie "MRHSession=deleted;expires=Thu, 01-Jan-1970 00:00:10 GMT;domain=[HTTP::host];path=/" Set-Cookie "LastMRH_Session=deleted;expires=Thu, 01-Jan-1970 00:00:10 GMT;domain=[HTTP::host];path=/"

and of course you can force another cookie deletion like for MYSAPSSO2 for example :

Set-Cookie "MYSAPSSO2=deleted;expires=Thu, 01-Jan-1970 00:00:10 GMT;domain=[HTTP::host];path=/"

Hope this help you.

Karthik_Krishn1

Cirrostratus

May 15, 2016

when HTTP_REQUEST { if { [string tolower [HTTP::uri]] equals "/irj/portal" and [string tolower [HTTP::header "Referer"]] equals "https://portal.domain.com/irj/portal" } { HTTP::respond 302 noserver Location https://[HTTP::header host]/vdesk/hangup.php3

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)