
clearing jsessionid

Former Member
0 Likes
1,361

Hi experts,

We have a C# application with RSA security as the front end.

RSA SSO is implemented on BusinessObjects and it is working.

But the issue is this: user1 logs on to the application and creates a session in InfoView, but he doesn't log out of InfoView. Then another user, user2, logs on to the application on the same computer.

BusinessObjects still keeps the old session.

There is no way to tell Tomcat to use the new session.

I can see in CMC that there are two sessions active (user1 & user2).

Is it possible to clear the jsessionid session & cookies?

Thanks!

Prasath

Edited by: Prasath Mungundu on May 13, 2010 11:13 PM

ted_ueda
Product and Topic Expert
0 Likes

The jsessionid is an HTTP Session token generated by the Java Web Application Server itself to manage HTTP Sessions - here Tomcat.

Trying to eliminate jsessionid isn't a secure way to do things.

It's SSO, so the session will remain live till the HTTP Session times out, if the user hasn't logged off explicitly.

Sincerely,

Ted Ueda

Former Member
0 Likes

Hi Ted

We are using RSA SSO and Enterprise authentication; SSO works on initial login.

But when a user logs out and logs back in to SSO without closing the browser, InfoView still holds the previous session.

Is there a way to identify and get rid of the Tomcat session when a new InfoView user comes in via SSO?

Is there some way to detect when the current user has changed, and remove the session accordingly?

I have the same question posted in the thread below.

Thanks!

Prasath

ted_ueda
Product and Topic Expert
0 Likes

I'm assuming this isn't an issue if the user closes the web browser window before logon, since then the client-side won't try to re-send the cookies.

Sincerely,

Ted Ueda
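
An added example, not code from any poster in this thread or from BusinessObjects: one way to detect that the SSO user has changed while the browser still sends the earlier JSESSIONID, and to invalidate that Tomcat session server-side instead of trying to clear the cookie. It assumes the SSO agent exposes the authenticated user through `getRemoteUser()`; the class name and the session attribute name are hypothetical.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

/** Drops the HTTP session when the SSO-asserted user differs from the session's owner. */
public class SsoUserChangeFilter implements Filter {
    // Hypothetical attribute name; this example uses it to remember who owns the session.
    private static final String OWNER = "example.sso.sessionOwner";

    public void init(FilterConfig cfg) {}
    public void destroy() {}

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        // Assumption: the SSO agent in front of Tomcat sets the remote user.
        String ssoUser = request.getRemoteUser();
        HttpSession session = request.getSession(false); // never create one just to look

        if (session != null && ssoUser != null) {
            Object owner = session.getAttribute(OWNER);
            if (owner != null && !ssoUser.equals(owner)) {
                // A different user arrived with the previous user's JSESSIONID:
                // invalidate so none of the old session state is reused.
                session.invalidate();
                session = null;
            }
        }
        if (ssoUser != null) {
            if (session == null) {
                session = request.getSession(true); // Tomcat issues a new session id
            }
            if (session.getAttribute(OWNER) == null) {
                session.setAttribute(OWNER, ssoUser); // bind the session to this user
            }
        }
        chain.doFilter(req, res);
    }
}
```

The filter would be mapped in the web application's `web.xml` ahead of the application's own filters. It only handles the Tomcat HTTP session and makes no claim about the Enterprise sessions listed in CMC.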