on 10-25-2013 7:30 PM
Hello,
We have built an SAPUI5 application on SAP HANA XS. There is a logout functionality in the shell, but we are not sure how to implement it. We are using the below code for the logout function (copied from online).
    logout:function(){
        oShell.forceInvalidation();
        oShell.destroy();
        sap.ui.getCore().applyChanges();
        jQuery(document.body).html("<span>Logged out successfully.</span>");
    },
But even though the page clears, on a browser refresh it logs in automatically, which means it has not really logged out from the server / cookies.
Could you please provide some pointers on how to implement this? Do the $ APIs in XSJS provide any such functionality?
Thanks,
Chathia.
Hi Chathia,
I am trying to solve the same issue and I've found some relevant information.
Code to be implemented in the logout button (Shell)
    if(navigator.userAgent.toLowerCase().indexOf('chrome') > -1){
        window.open('', '_self', ''); //bug fix (Chrome)
        window.close();
    }else{
        // To close a window not opened with JavaScript you will have to change the Firefox options...
        // go to "about:config" and set the value of "dom.allow_scripts_to_close_windows" to true...
        window.close();
    }
And a link that I just found that I will try to use to handle the logoff on Firefox:
http://www.javaxt.com/Tutorials/Javascript/Form_Based_HTTP_Authentication
Regards,
Christian
Hi Christian,
Thanks for your response. I've implemented the code for logging out and the status below:
1. Chrome & Firefox
- If additional tabs were open, it does not really log out. Only if all the Chrome tabs are closed does it prompt for the login screen again
2. Internet Explorer 10
- Works fine
Is there a logoff api from server-side XSJS?
Regards,
Chathia.
Hi Chathia,
Sorry, but I don't know if there is a logoff api. By the way, last week I found the SAP note below, that is related to ABAP WebAS. Maybe there is something similar in Hana.
Solution
To ensure that no logon data is stored in the browser after you correctly execute an ICF service in
the Internet Communication Framework (ICF), the application must also perform the following
administrative configuration steps (in addition to calling the method IF_HTTP_SERVER~LOGOFF):
1. Create an external alias in transaction SICF that refers to the service (for example,
"/myapplication", which refers to the internal service "/sap/bc/webdynpro/sap/myapplication").
2. You must use the form fields to log on. In this case, you must have configured "System Logon"
as the logon procedure. To do this, select "System logon" in the relevant system alias and on
the "Error Pages -> Logon Errors" tab page.
3. Prevent the system evaluating the logon data in "Basic Authentication" or "SSL Certificate"
format. To do this, proceed as follows:
a) Select "Alternative Logon Procedure" on the "Logon Order" tab page for the external
alias.
b) Remove the logon procedures "Logon using SSL Certificate" and "Basic Authentication" from
the logon procedure list.
Comment:
>> We recommend that you close the browser after you log off. This prevents further use of the
logon data and the application data that was saved in the browser cache.
>> Note the following: When the application is terminated, for example, due to an ABAP runtime
error or error messages of the type "A", "E" or "X", the logoff is performed incorrectly and the
logon data is not removed from the browser.
>> If you want to ensure that the logoff page that is stored on the error page tab page of the
service is sent, the method IF_HTTP_SERVER~SEND_PAGE must be called after the execution of the
method IF_HTTP_SERVER~LOGOFF.
Hello Utkarsha,
Unfortunately I don't know any way to bypass this validation. What I am doing in my applications is to log off the user on the server side (killing the session) and redirect the user to the logon page. This does not prevent the user from hitting the back button and accessing the application again, but once the session does not exist on the server side anymore he is not authorized to perform anything and is redirected to the logon page when trying to do so.
Best regards,
Christian
Thank you for your response Christian.
The requirement of directly closing the browser has come as a result of not being able to clear SSO cookies after logoff. For logoff, we're calling the standard SAP logoff ICF service, i.e., on the server side. Therefore, only after closing the browser can we invalidate the SSO cookies. This problem is only specific to newer versions of Chrome [we have a workaround for IE or Firefox].
Please let me know if you know a workaround to clear SSO cookies specific for current chrome browser versions.
Thank you.
If you are using HTTP BASIC authentication the only way to complete the logoff is closing the browser. The SSO cookie can be cleared but this must be done on the server side (that will tell the browser to discard the cookie). I'm able to clear the cookie on the ABAP WebAS but I don't know how to do that on Hana. I suggest you contact SAP because this is a common requirement and they must provide a way to clear the SSO cookie.
Best regards,
Christian
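The point above, that the cookie is only discarded when the server tells the browser to do so, can be checked on the logout response itself. The following is an added example, not code from this thread or from SAP: it compares constructed Set-Cookie headers from login and logout and reports which cookies survive. The cookie names SESSION_COOKIE and SSO_COOKIE, the domain and the header values are hypothetical.

```javascript
// Added example; all header values below are constructed for illustration.

// Parse one Set-Cookie header into { name, value, attrs } (attribute names lowercased).
function parseSetCookie(header) {
  const parts = header.split(";").map((p) => p.trim());
  const eq = parts[0].indexOf("=");
  const cookie = { name: parts[0].slice(0, eq), value: parts[0].slice(eq + 1), attrs: {} };
  for (const part of parts.slice(1)) {
    const i = part.indexOf("=");
    const key = (i === -1 ? part : part.slice(0, i)).toLowerCase();
    cookie.attrs[key] = i === -1 ? true : part.slice(i + 1);
  }
  return cookie;
}

// A browser replaces (and so deletes) a cookie only if name, Domain and Path match.
// Missing attributes compare as empty because their defaults depend on the request URL.
function sameCookie(a, b) {
  const domain = (c) => String(c.attrs.domain || "").replace(/^\./, "").toLowerCase();
  const path = (c) => String(c.attrs.path || "");
  return a.name === b.name && domain(a) === domain(b) && path(a) === path(b);
}

// Max-Age takes precedence over Expires; a cookie with neither is still alive.
function isExpired(cookie, now) {
  if (cookie.attrs["max-age"] !== undefined) return Number(cookie.attrs["max-age"]) <= 0;
  if (cookie.attrs.expires !== undefined) return Date.parse(cookie.attrs.expires) <= now;
  return false;
}

// Names of login cookies that the logout response leaves usable in the browser.
function cookiesSurvivingLogout(loginHeaders, logoutHeaders, now = Date.now()) {
  const cleared = logoutHeaders.map(parseSetCookie).filter((c) => isExpired(c, now));
  return loginHeaders.map(parseSetCookie)
    .filter((set) => !cleared.some((c) => sameCookie(set, c)))
    .map((c) => c.name);
}

const loginHeaders = [
  "SESSION_COOKIE=abc123; Path=/; Secure; HttpOnly",
  "SSO_COOKIE=ticket; Domain=example.test; Path=/; Secure; HttpOnly",
];
const logoutHeaders = [
  "SESSION_COOKIE=; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT",
  // Wrong Path: the browser sees a different cookie and keeps the SSO one.
  "SSO_COOKIE=; Domain=example.test; Path=/app; Max-Age=0",
];
console.log(cookiesSurvivingLogout(loginHeaders, logoutHeaders)); // [ 'SSO_COOKIE' ]
```

HttpOnly cookies cannot be removed by page script at all, which is why destroying the UI in the browser leaves the session intact.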
Check this:
    // Fetch a CSRF token first; the logout call below is a POST and must send it.
    $.ajax({
        url : "/sap/hana/xs/formLogin/token.xsjs",
        type : "GET",
        beforeSend: function(request) {
            request.setRequestHeader("X-CSRF-Token", "Fetch");
        },
        success : function(data, textStatus, XMLHttpRequest) {
            var token = XMLHttpRequest.getResponseHeader("X-CSRF-Token");
            // Call the server-side logout with the token that was just returned.
            $.ajax({
                url : "/sap/hana/xs/formLogin/logout.xscfunc",
                type : "POST",
                beforeSend: function(request) {
                    request.setRequestHeader("X-CSRF-Token", token);
                },
                success : function(data, textStatus, XMLHttpRequest) {
                    var mLayout = sap.ui.getCore().byId("mLayout");
                    //mLayout is the id of main layout. Change it accordingly
                    mLayout.destroy();
                    sap.ui.getCore().applyChanges();
                    jQuery(document.body).html("<span>Logged out successfully.</span>");
                    window.location.reload();
                }
            });
        }
    });
Kindly check this link below