on 06-01-2005 7:55 AM
Hi,
is there a possibility to delete the MYSAPSSO2 cookie on client side from a BSP?
I want to force the user to enter his password and userid again after visiting a special BSP.
Regards
Daniel
You are right. Your code works fine. The cookie is deleted. But I still have the Problem that the user is not asked for his password and userid. It dosent matter if the side is from the same bsp-application or from another.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
It is probably because you also have a basic authentication header set. Once you have this popup to ask for name+password, you have effectively lost. Only thereafter is the sso2 cookie set. So you have two sources of authentication data. The trick is to use some form of formbased logon (ex: 620 our system application) that gets the sso2 cookie set without requiring basic authentication.
Authentication is unfortunately a very complex problem. You will have to understand all of it to achieve you goals. One , for IE6.1SPxyz (only!), there is a technique to delete the basic authentication header.
For the record: there is a planned change that will make it impossible to delete the SSO2 cookie in the browser. No timeframe has been set yet. Then you have to delete the cookie via a server roundtrip.
Thanks for your help.
i tried your code Serigio, but i was redirected to my next page without asking for my userid or password. So I think the cookie was not deleted.
Perhaps the only chance to force the user to reenter userid and password is to close the browser.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
It's strange. To me it works fine.
Are you able to check which cookies are present in the browser?
In IE you can type in the URL javascript:document.cookie;
The Firefox extension Web Developer provide you with the function Information - View cookie information.
I suppose that the cookie is deleted but not the session.
Are you going from one BSP application to the other or just jumping between pages of the same application?
Thanks Raja,
but these sides dont solve my problem, because to delete the cookie i have to close the browser. Without closing the Browser only the session is closed. If I press my browser´s "back-button" i can reach my last bsp, even without entering my userid and password.
So the cookie must still exist and is not deleted from the BSP.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I may suggest to redirect your users to a logoff.htm page that contains the following code:
<html>
<script language="JavaScript">
// Delete the cookie with the specified name.
function DelSso2Cookie(sName,sPath)
{
// 2 livels
var sso2Domain = location.hostname;
if (location.hostname.indexOf(".")>0)
sso2Domain = location.hostname.substr(location.hostname.indexOf(".")+1);
p="";
if(sPath)p=" path="sPath";";
document.cookie = sName"=0; expires=Fri, 31 Dec 1999 23:59:59 GMT;"p + "domain="sso2Domain";";
// 3 livels
sso2Domain = location.hostname;
p="";
if(sPath)p=" path="sPath";";
document.cookie = sName"=0; expires=Fri, 31 Dec 1999 23:59:59 GMT;"p + "domain="sso2Domain";";
}
</script>
<META HTTP-EQUIV=Refresh CONTENT="0; URL=/myHomePage">
<BODY onLoad='DelSso2Cookie("MYSAPSSO2","/");'>
Logging off...
</BODY>
</html>
This page will delete the cookie and will redirect to a page that you can set in the URL parameter of the <META HTTP-EQUIV=Refresh statement..
check out BSP application <b>system</b> and pages
session_buffered_frame.htm
session_single_frame.htm
pages for the sample code.
Regards
Raja
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
88 | |
23 | |
11 | |
9 | |
8 | |
5 | |
5 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.