cancel
Showing results for 
Search instead for 
Did you mean: 

Delete MYSAPSSO2 cookie on client side

Former Member
0 Kudos

Hi,

is there a possibility to delete the MYSAPSSO2 cookie on client side from a BSP?

I want to force the user to enter his password and userid again after visiting a special BSP.

Regards

Daniel

Accepted Solutions (0)

Answers (4)

Answers (4)

Former Member
0 Kudos

You are right. Your code works fine. The cookie is deleted. But I still have the Problem that the user is not asked for his password and userid. It dosent matter if the side is from the same bsp-application or from another.

former_member181879
Active Contributor
0 Kudos

It is probably because you also have a basic authentication header set. Once you have this popup to ask for name+password, you have effectively lost. Only thereafter is the sso2 cookie set. So you have two sources of authentication data. The trick is to use some form of formbased logon (ex: 620 our system application) that gets the sso2 cookie set without requiring basic authentication.

Authentication is unfortunately a very complex problem. You will have to understand all of it to achieve you goals. One , for IE6.1SPxyz (only!), there is a technique to delete the basic authentication header.

For the record: there is a planned change that will make it impossible to delete the SSO2 cookie in the browser. No timeframe has been set yet. Then you have to delete the cookie via a server roundtrip.

Former Member
0 Kudos

Thanks for your help.

i tried your code Serigio, but i was redirected to my next page without asking for my userid or password. So I think the cookie was not deleted.

Perhaps the only chance to force the user to reenter userid and password is to close the browser.

SergioFerrari
Active Contributor
0 Kudos

It's strange. To me it works fine.

Are you able to check which cookies are present in the browser?

In IE you can type in the URL javascript:document.cookie;

The Firefox extension Web Developer provide you with the function Information - View cookie information.

I suppose that the cookie is deleted but not the session.

Are you going from one BSP application to the other or just jumping between pages of the same application?

Former Member
0 Kudos

Thanks Raja,

but these sides dont solve my problem, because to delete the cookie i have to close the browser. Without closing the Browser only the session is closed. If I press my browser´s "back-button" i can reach my last bsp, even without entering my userid and password.

So the cookie must still exist and is not deleted from the BSP.

Former Member
0 Kudos

Hello Daniel,

Can you not just delete the cookie with this :

document.cookie = "test_cookie=test;expires="expires";path=/";

Where the var expires has a date or time that's in the past ?

Dirk.

SergioFerrari
Active Contributor
0 Kudos

I may suggest to redirect your users to a logoff.htm page that contains the following code:

<html>

<script language="JavaScript">

// Delete the cookie with the specified name.

function DelSso2Cookie(sName,sPath)

{

// 2 livels

var sso2Domain = location.hostname;

if (location.hostname.indexOf(".")>0)

sso2Domain = location.hostname.substr(location.hostname.indexOf(".")+1);

p="";

if(sPath)p=" path="sPath";";

document.cookie = sName"=0; expires=Fri, 31 Dec 1999 23:59:59 GMT;"p + "domain="sso2Domain";";

// 3 livels

sso2Domain = location.hostname;

p="";

if(sPath)p=" path="sPath";";

document.cookie = sName"=0; expires=Fri, 31 Dec 1999 23:59:59 GMT;"p + "domain="sso2Domain";";

}

</script>

<META HTTP-EQUIV=Refresh CONTENT="0; URL=/myHomePage">

<BODY onLoad='DelSso2Cookie("MYSAPSSO2","/");'>

Logging off...

</BODY>

</html>

This page will delete the cookie and will redirect to a page that you can set in the URL parameter of the <META HTTP-EQUIV=Refresh statement..

athavanraja
Active Contributor
0 Kudos

check out BSP application <b>system</b> and pages

session_buffered_frame.htm

session_single_frame.htm

pages for the sample code.

Regards

Raja