Technical Forum
Ask questions. Discover Answers.
Showing results for 
Search instead for 
Did you mean: 

APM logout URI with REDIRECT back to my.policy


Hi, I have APM policy configured to look for Logout URI include link, so that when user clicks the logout button within the app, which matches the APM URI Logout URI link, it will kill the session of the user on the APM.


What I would LIKE to do is, when user actually clicks on logout link and APM kills the session, send the user BACK to the my.policy page (original login page).


Is there a way to do this within APM? Or is this something I must do within iRule? (but then if I do iRule - will the iRule executes faster 302 than the APM has chance to kill the session?)


Thanks for input!





iRule event HTTP_REQUEST is triggered before LTM forwards traffic to APM. After the server answers APM is working on the traffic and then HTTP_RESPONSE is triggered before submitting the answer to the client.

If you want to do it with iRules this could look like the following sample. It detects logout request URI but first forwards it to the backend system (so it can terminate application sessions) and then terminates the APM session when backend answers.

 Provides logout detection for SAP Netweaver with APM 11.5.x in Portal Access Mode

  set debug 0
  set uri [HTTP::uri]
  set host [HTTP::host]
  set apm_logout_request 0
  if { $debug eq 1 } { log "HTTP [HTTP::method] request to URL https://${host}${uri}" }
  if {$uri ends_with "/irj/servlet/prt/portal/prtroot/" } {
    if { $debug eq 1 } { log "SAP Netweaver Logout URI $uri detected. Checking for session..." }
    set apm_cookie [HTTP::cookie value MRHSession]
    if { $apm_cookie != "" && [ACCESS::session exists $apm_cookie] } {
      set apm_state [ACCESS::session data get "session.policy.result"]
      if { $debug eq 1 } { log "Received Cookie MRHSession=$apm_cookie for existing session in state $apm_state" }
      set apm_logout_request 1

  if { $apm_logout_request eq 1 } {
    log "Performing APM session logout for MRHSession=$apm_cookie session in state $apm_state"
    ACCESS::session remove -sid $apm_cookie
    HTTP::respond 302 noserver Location "https://$host/irj/portal" Connection close Set-Cookie "MRHSession=deleted;path=/;secure;expires=Thu, 01 Jan 1970 00:00:00 GMT" Set-Cookie "LastMRH_Session=deleted;path=/;secure;expires=Thu, 01 Jan 1970 00:00:00 GMT"
    event disable all