cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

BSP: Logout does not work

Go to solution
jrg_neumann
Explorer

on ‎05-12-2010 1:05 PM

0 Kudos

Hello.



At the moment i am re-developing a bsp-application, that i have written about 2 years ago.



I have to add a logout-funtion to the new version, as the users desperately want it (Some of our users seem to get nervous, when login on to a page, that provides no logout button...).



I have already tried navigation->exit() but this method only drops the application context - the session will not be terminated, so that the user will not be promted for login-data when e.g. pressing the back-button of the browser.



I read the documentation on help.sap.com carefully and the problem seems to be, that the appliaction is using "Basic Authentication" at the moment. Using this kind of authentification generates a session-cookie, that will persist until the browser is closed.



My first attempt was to get rid of the cookie using jscript, but this did not work. First i thought, there was a bug in my jscript-coding, and so i opened the corresponding menu of my browser and deleted any cookie by hand. Unfortunatelly, this had no effect - i was still able to use the page and my session was still existent.



So i searched for further informations and found out, that it should be quite easy to implement a logout, if SSO-Login was used for athentification. Unfortunatelly i also found out, that SSO is not available on our system, so i will have to find another way.



Finally i found out, that a logout can be done by simply setting the application into stateless mode, if fields authentication is used.
I tested this for a simple test-application i had written a few days ago and everything worked fine: I had to enter my logon-data at the first call of the application, the login worked as expected and setting the application to stateless mode ended my session immediatelly. Reloading the page or using e.g. the back-button of the browser did not cause any trouble, so i wanted to use this technique, because the behaviour of the testpage exactly met the requirement.



My next step was to enter transaction sicf and to delete every authentication-mechanism except of "Fields Authentication" to enforce the usage of this mechanism for my bsp-application. It worked somehow, but not in the way, i expected.



When trying to open my bsp-application, i had to enter my logon-data in an html-form (as expected).



But sending the data did not create a session. I have to log in between 2 and 5 times (it differs for every try) before i finally see the first page of my bsp-application.



Once logged in, the session is quite "unstable" - a simple reload of the page throws me back to the logon page again.



I have no clue, what causes this creepy behaviour - i copied the settings of my testappliaction 1:1 in sicf, both applications are stateful by default and the only place, where the switch to stateless mode is done is my logout-page. Yesterday i even deleted the service of my application in sicf, created a new one and customized it in the same way, i had customized the service of my test-application, so there should be no differences (i have checked for about 10 times).



As i have already searched the forum and did not find anything, that seemed to match to my problem, i hope, that somebody can give me some advice, because i really do'nt know, what else to try.



Below you can see the configuration of the service in SICF. Any option not listed here has its initial value:




Procedure: Alternative Logon Procedure

Logon Procedure (The Table-control at the bottom of the page) holds only one entry: "Fields Authentication"




System Logon: True




Settings Selection->Define Service Specific Settings: true

System Logon Settings->Select Display->System Messages: true

System Logon Settings->Actions During Logon->Protocol: "Do Not Switch"

System Logon Settings->Default->Client: 101

System Logon Settings->Default->Language: "German"

System Logon Settings->Logon Layout And Procedure->SAP Implementation: true

System Logon Settings->Logon Layout And Procedure->Tmpl.: "Normal"

System Logon Settings->Logon Layout And Procedure->SAP Icon: "Chrome"





And here is some information according to the bsp-application:

Initial BSP: set

Application Class: set (My test-page did not use an application-class - this seems to be the only difference)

Theme: not set

Stateful: yes

Supports Portal Integration: no





I do'nt know, if there is any other information, that could be useful for solving the problem - if anything is missing, just ask for it and i will provide the infomation needed.



Thanks in advance.




Regards, Jörg Neumann

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

krishnendu_laha
Active Contributor
‎05-16-2010 5:34 PM
0 Kudos

hello,

Please try to use the below javascript command:

try

{

document.execCommand( 'ClearAuthenticationCache' );

}

catch(e)

{

}

Hope problem can be solved!

Thanks.

Show replies
Show replies
jrg_neumann
Explorer
‎05-17-2010 8:01 AM
0 Kudos

Hello.

I have tested your solution and it works fine.

Thank you very much.

Regards, Jörg

EDIT: I just tested this solution with Firefox v3.5.2 and it did'nt work.

The function ClearAuthenticationCache seems to be unavailable under firefox: .

Does anybody know an alternative for firefox? ( As firefox is not officially supported a proper logout for firefox is a 'nice to have' - The IE-Logout was much more important ).

Edited by: Jörg Neumann on May 17, 2010 9:37 AM

Former Member
‎08-18-2014 2:57 PM
0 Kudos

Hi there,

although this topic is quite old, I want to bring it up again since I got exactly the same requirement here.



document.execCommand( 'ClearAuthenticationCache' );

is working still fine in IE 11, but unfortunately not in other browser.

For our application the logout has to work for different browsers, including mobile versions of chrome, firefox and so on.

In my opinion there should be an option to implement the logout on server-side (instead of using client-side javascript).

Maybe somebody got an solution which solves this issue in a "cross-browser safe" way?

Many thanks,

greets ben

jrg_neumann
Explorer
‎08-22-2014 8:48 PM
0 Kudos

Hello,

up to now we also faced a lot of issues with that logout-problem.

Especially the logout for IE 5.5 and the XUL-runner gave us a hard time.

We had to change our logout-page about 10 times now, because some weird browser did not work like all the others - AGAIN...

Here is, what we got so far.

As far as i know, this stuff should work cross-browser, but it's still client-side jscript.

<%-- --------------------------------------------------------------

This is the jscript, that will log you out                      

-------------------------------------------------------------- --%>

<span id="onloadscript"><!--

  function DelSso2Cookie(sName,sPath){

    var sso2Domain = location.hostname;

    if (location.hostname.indexOf(".")!=0) sso2Domain = location.hostname.substr(location.hostname.indexOf(".")+1);

    p="";

    if(sPath)p=" path="+sPath+";";

    document.cookie = sName+"=0; expires=Fri, 31 Dec 1999 23:59:59GMT;"+p + "domain="+sso2Domain+";";

  };

  try{

    document.execCommand( 'ClearAuthenticationCache' );

  } catch (e) {}

  DelSso2Cookie("MYSAPSSO2","/");

//--></span>

<%

CALL FUNCTION 'HTTP_DELETE_SSO2_COOKIE'

  EXPORTING

    server = runtime->server.

%>

<%-- --------------------------------------------------------------

Calling the script directly did not work in all browsers        

so we had to use a trick, that may seem kind of weird...        

                                                             

We use the onLoad-Event of a transparent 1x1-pixel-image.       

                                                             

The query-string is a dummy-value, that will be ignored by the   

server but it forces the client to reload the picture from the   

server instead of reading it from the browser cache.             

                                                             

This dirty hack was necessary, because some browsers will not   

fire the onLoad-Event, if the image was read from the browsers  

cache.                                                          

-------------------------------------------------------------- --%>

<%

    DATA: lv_img_url TYPE string.

   

    CONCATENATE '/sap/public/bc/ur/nw5/1x1.gif?'

                'dummy=' sy-datum '_' sy-uzeit

           INTO lv_img_url.

%>

<img src="<%=lv_img_url%>" onload="eval( document.getElementById('onloadscript').childNodes[0].nodeValue );">

Regards, Jörg

former_member356229
Explorer
‎09-18-2014 1:07 PM
0 Kudos

Hello,

do you tried the method logoff of the interface IF_HTTP_SERVER? If you are using CL_BSP_CONTROLLER2 you can reach it with server->logoff( ). If not you should reach it with runtime->server->logoff( ).

I tried it with IE, Chrome and an old version of IE and it works fine for me.

Regards,

Tobias

jrg_neumann
Explorer
‎09-18-2014 3:20 PM
0 Kudos

Thanks for the advice, but i am a little bit confused about that method...

I just checked the interface in our system and there are 2 implementing classes:

- CL_HTTP_SERVER

- CL_ILM_STOR_WD_MOCK_HTTP_SERV

None of these classes implements the method IF_HTTP_SERVER~LOGOFF (The method contains no coding), so i really doubt, that this method will actually log me out.

Are you using the method in a BSP or in WebDynpro?

Are you doing anything else to log the user out?

The coding i posted above is used as a logout-page for a WebDynpro-Application.

former_member356229
Explorer
‎09-23-2014 7:50 AM
0 Kudos

Yes i am using this method in a BSP. I thought that would be clear, because we are in the BSP topic.

The interface is in the class CL_BSP_CONTROLLER2 as an attribute for example. Also the class CL_HTTP_SERVER_NET implements on my release the mentioned method.

I used the debugger and here is the call stack right after the method call.

After the method call I redirect to the login page.

jrg_neumann
Explorer
‎09-23-2014 9:37 AM
0 Kudos

Mystery solved: I forgot to check the subclasses of the implementing classes.

CL_HTTP_SERVER implements an empty Method IF_HTTP_SERVER~LOGOFF (what confused me),

... that is redefined with an actually useful implementation in CL_HTTP_SERVER_NET.

Thanks for that information! Now the whole thing makes sense...

I'll definitelly give that one a try, if i have to adjust our logout-page again.

former_member356229
Explorer
‎09-23-2014 12:29 PM
0 Kudos

It seems that we are on different releases anyway, because the parameters of the method are different, i cant set a redirect URL!

Please let me know if it works for you!

jrg_neumann
Explorer
‎09-23-2014 2:59 PM
0 Kudos

I just tested it with a dummy-application in my $TMP-Package and this stuff really works!

I tested it in two scenarios:

1.) Logging off from a bsp-application

2.) Logging off from a webdynpro-application (Redirect to logout-page in SICF-Node)

Both scenarios worked fine.

And they worked without ugly JScript on clientside on which you can't rely.

Former Member
‎01-16-2015 10:39 AM
0 Kudos

Hi Mr. Neumann,

I had very similar Problem that you had.

Could you please send me coding how you implemented in layout/eventhandler.

Thanks a lot in advance

jrg_neumann
Explorer
‎01-26-2015 6:27 PM
0 Kudos

Hello Mr. Park,

the only interesting thing about my layout could be the "relogin"-Link, which is just a link with no target.

This is a little trick, that comes in very handy, when building a logout-page, as an empty link just reloads the URL currently displayed in the browsers address-bar.

As this URL is not changed, when the Server triggers the navigation to a logout page, clicking this link will reload your main-application.

This litte trick spares you the hassle to set an explicit relogin-URL for each and every main-application that might once use this logout page 



<p><a href=""><%= otr(Your_OTR_Alias_here>) %></a></p>

The event-handlers are also VERY simple: Just copy this line to the event-handler OnRequest.



runtime->server->logoff( ).

Hope that helped...

Regards,

Jörg

soldner
Participant
‎03-13-2015 8:40 PM
0 Kudos

Mr. Neuman,

Did you create a separate page for logoff?  And just 1 event, OnRequest?

Thanks you for your answers!

Regards,

Steve

jrg_neumann
Explorer
‎03-16-2015 8:00 PM
0 Kudos

Hello Mr. Oldner,

exactly!

I created a new BSP-Application, that has one page sessionexit.htm (The name is not important - name it, whatever you want).

The page sessionexit.htm has exactly one eventhandler OnRequest, that contains one line of code (See above).

Regards,

Jörg

soldner
Participant
‎03-17-2015 1:39 PM
0 Kudos

Seems to work for me.  I added it as a page.  When used as a standalone app, I am having some issues, however it does close out session and prompts me for login.

Vielen Dank !!! 

Answers (0)

Ask a Question