Showing results for 
Search instead for 
Did you mean: 

How to log out of Java app with SAP integration?

0 Kudos

Hi folks,

I have configured SAP J2EE Engine 6.20 to integrate with SAP, using SAP Logon Tickets. This works really well - my users log in to the Java web app, are authenticated against an R/3 system which issues a logon ticket, and they can then call RFCs using this ticket.

My problem is that I cannot get "Logoff" to work in my app. I have a link which takes the user to a page where Session.invalidate() is called, and I try to overwrite all cookies (including MYSAPSSO2) on both client and server. Whatever I do, the MYSAPSSO2 cookie remains, so the user can go straight back in without re-authenticating.

My logout.jsp is:

<% // Shutdown the session session.invalidate(); // Create cookie to overwrite those in the browser Cookie mysapsso2 = new Cookie("MYSAPSSO2",""); // Set MaxAge to zero, which should delete the cookie mysapsso2.setMaxAge(0); // Add to the Response so it takes effect response.addCookie(mysapsso2); %> <script> // Delete the cookie client-side by setting an expiration date in the past //    ("SetCookie()" from <a href="" TARGET="test_blank"></a>   SetCookie("MYSAPSSO2","", new Date(95,11,17)); // Now go to the initial home page   var start="<%=request.getContextPath()%>/";   location.replace(start); </script>

Can anyone help?



Accepted Solutions (0)

Answers (1)

Answers (1)

0 Kudos

Hi Darren

You could remove cookie from client with following code:

      Cookie cookie = null;

      cookie = new Cookie("MYSAPSSO2", "");



//    !!!!!! you must not set version of cookie

This code works by me. If it does not work by you please could you make trace of http requests and responses and send them to

Best regards

Velin Doychinov

p.s. Sorry but I have not succed to login with my user in SDN

0 Kudos

This isn't working for me with the application I'm writing.  I'll try it in a small stand-alone test application and see if I have any more success...



0 Kudos

I finally succeeded, by using JavaScript code in the client.

The key was to set both the path and domain of the cookie - otherwise it didn't replace the original SSO cookie.

<%@ page language="java" import="com.xeroxeurope.xsap.ebiz.GlobalConstants"%><%

String basePath = request.getContextPath()+"/";

// Shutdown the session

String homepage = (String)session.getAttribute(GlobalConstants.HOMEPAGE);


%><script language="JavaScript" src="<%=basePath%>scripts/cookies.js"></script>


old = new Date(0);

cookiedomain = document.domain.substr(document.domain.indexOf(".")+1);