Question Re: Logging off Portal - Cookies/Caching in Technology Q&A

Logging off Portal - Cookies/Caching

Former Member — Thu, 06 Jul 2006 10:51:44 GMT

Hi,

We are currently experiencing a problem with users not logging off Portal, but just closing their browser (x)

and when they go back into Portal, it does not prompt for their userid/password, but takes them directly into Portal. This probably has something to do with their cookies. Is there a setting in Portal or scripting that we could do.

We want the users to always logon with their userid's.

All help will be rewarded !!

Kind regards,

Morgan

Re: Logging off Portal - Cookies/Caching

Former Member — Thu, 06 Jul 2006 12:28:18 GMT

Hi,

This is because of cookies only. Until the cookies are active, the session of the user can be got back. I am not sure if this solution will work but give a try.

Go to

Tools -> Internet Options -> Security -> Custom Level

In the settings, choose

User Authentication -> Logon ->Prompt for user name and password

Check and tell me if it works.

<b>Don't forget to reward if helped.</b>

Regards,

Harini S

Re: Logging off Portal - Cookies/Caching

Former Member — Thu, 06 Jul 2006 13:02:45 GMT

Hi Morgan,

There are a bunch of SDN forums on this.

You cannot delete cookies, really you just expire them which invalidates the session. You can use the ConfigTool under Services (probably Global Services first), then com.sap.security.core.ume.service and find the property ume.logoff.redirect.url to point to an ASP file like this:


<html>
<head>
<META HTTP-EQUIV="Pragma" CONTENT="no-cache"> <META HTTP-EQUIV="Expires" CONTENT="-1">
<title>Cookie Killer Page</title>
<script language="JavaScript">
<!--
function delCookie() {
//	alert("inside delete cookie");
	var expireNow = new Date();
 	document.cookie = "SMSESSION=; expires=Thu, 01-Jan-70 00:00:01 GMT; domain=.<domain>.<com>; path=/";
	document.cookie = "SMTRYNO=0; domain=.<domain>.<com>; path=/";
	document.cookie = "JSESSIONID=; domain=.<domain>.<com>; path=/";
	document.cookie = "sapj2ee_*=; domain=.<domain>.<com>; path=/";
	document.cookie = "MYSAPSSO2=; path=/";
	document.cookie = "SMSESSION=NO; domain=.<domain>.<com>; path=/";
//	alert(document.cookie);
location.href = "http://www.<domain>.<com>";
}
// -->
</script>
</head>
<body onLoad="delCookie()">
</body>
</html>

This one was for invalidating all portal cookies as well as one siteminder cookie that was very persistent. You can REM that one if you want It also performs a redirect to another URL in case you have SSO to the portal (i.e. VIA SiteMinder or Kerberos, etc...) as it would normally redirect back to the portal but if you are SSOing - you would never be able to get out without closing the browser...

Oh, it can be made "hidden" too so that the end-users don't see it flash by on logoff.

Unfortunately, I think that they have to trigger the "logoff" function for this to work.

Alternatively, have you tried the 'Empty temporary InternetFiles folder when browser is closed' setting in IE?

I hope that this helps, maybe there are other ideas out there?

Judson

Re: Logging off Portal - Cookies/Caching

Former Member — Thu, 06 Jul 2006 13:02:56 GMT

Hi Harini,

Thank you for responding.

I did make the changes as per your message, but did not

have much joy.

We cannot make changes to each user, but have to make

global changes, either via a script or on the Portal.

Regards,

Morgan

Re: Logging off Portal - Cookies/Caching

Former Member — Thu, 06 Jul 2006 13:12:59 GMT

Thanks Judson,

This looks very promising. I will make the changes and

restart the Portal over the weekend.

I will let you know the outcome.

Regards,

Morgan

Re: Logging off Portal - Cookies/Caching

Former Member — Mon, 10 Jul 2006 10:45:20 GMT

Hi,

In order to get this to work without the logon button, you might try to create an iview which registers a call for the unload hook

(think you still need the redirect of this iview, because otherwise the cokie information is not sent back to the user. Probably best to do that in a small popup window

Regards

Dagfinn

Re: Logging off Portal - Cookies/Caching

Former Member — Tue, 18 Jul 2006 09:14:00 GMT

Hi,

I am still not having much joy with this problem.

I did create an asp file and set the ume.logoff.redirect.url to point to the asp file.

The problem is not with the logoff, but when the IE browser is closed (x).

We need a solution as same as when the user selects

the Logoff button on Portals

All help will be appreciated and rewarded !!

Many thanks,

Morgan

Re: Logging off Portal - Cookies/Caching

Former Member — Thu, 06 Sep 2007 17:27:26 GMT

Hi ANy sloution for this i am still getting the same problem