cancel
Showing results for 
Search instead for 
Did you mean: 

Logout from SAPUI5 / XSJS page

Former Member
0 Kudos

Hello,

We have a built an SAPUI5 application on SAP HANA XS. In the shell there is a logout functionality in shell, but not sure on how to implement it. We are using the below code for the logout function (copied from online).

logout:function(){

    oShell.forceInvalidation();

    oShell.destroy();

    sap.ui.getCore().applyChanges();

    jQuery(document.body).html("<span>Logged out successfully.</span>");

},

But even though the page clears but on the browser refresh, it logs in automatically, which means it has not logged out really from the server / cookies.

Could you pls provide some pointers on how to implement this? whether the $ api's in XSJS provide any such functionality?

Thanks,

Chathia.

Accepted Solutions (1)

Accepted Solutions (1)

christian_jianelli
Contributor
0 Kudos

Hi Chathia,

I trying to solve the same issue and i've found some relevant information.

Code to be implemented in the logout button (Shell)

if(navigator.userAgent.toLowerCase().indexOf('chrome') > -1){

       window.open('', '_self', ''); //bug fix (Chrome)

       window.close();

}else{

       // To close a window not opened with JavaScript you will have to change the Firefox options...

       // go to "about:config" and set the value of "dom.allow_scripts_to_close_windows" to true...

       window.close();

}

And a link that I just found that I will try to use to handle the logoff on the Firefox

http://www.javaxt.com/Tutorials/Javascript/Form_Based_HTTP_Authentication

Regards,

Christian

Former Member
0 Kudos

Hi Christian,

Thanks for your response. I've implemented the code for logging out and the status below:

1. Chrome & Firefox

     - if additional tabs were open, it does not really logout. Only if all the chrome tabs are closed, it prompts for login screen again

2. Internet Explorer 10

     - Works fine

Is there a logoff api from server-side XSJS?

Regards,

Chathia.

christian_jianelli
Contributor
0 Kudos

Hi Chathia,

Sorry, but I don't know if there is a logoff api. By the way, last week I found the SAP note below, that is related to ABAP WebAS. Maybe there is something similar in Hana.


1318220 - Incomplete logoff from ICF ABAP applications

Solution

To ensure that no logon data is stored in the browser after you correctly execute an ICF service in

the Internet Communication Framework (ICF), the application must also perform the following

administrative configuration steps (in addition to calling the method IF_HTTP_SERVER~LOGOFF):

1. Create an external alias in transaction SICF that refers to the service (for example,

"/myapplication", which refers to the internal service "/sap/bc/webdynpro/sap/myapplication").

2. You must use the form fields to log on. In this case, you must have configured "System Logon"

as the logon procedure. To to this, select "System logon" in the relevant system alias and on

the "Error Pages -> Logon Errors" tab page.

3. Prevent the system evaluating the logon data in "Basic Authentication" or "SSL Certificate"

format. To do this, proceed as follows:

a) Select "Alternative Logon Procedure" on the "Logon Order" tab page for the external

alias.

b) Remove the logon procedures "Logon using SSL Certificate" and "Basic Authentication" from

the logon procedure list.

Comment:

>> We recommend that you close the browser after you log off. This prevents further use of the

logon data and the application data that was saved in the browser cache.

>> Note the following: When the application is terminated, for example, due to an ABAP runtime

error or error messages of the type "A", "E" or "X", the logoff is performed incorrectly and the

logon data is not removed from the browser.

>> If you want to ensure that the logoff page that is stored on the error page tab page of the

service is sent, the method IF_HTTP_SERVER~SEND_PAGE must be called after the execution of the

method IF_HTTP_SERVER~LOGOFF.


Former Member
0 Kudos

Hello Christian,

How would we force a browser close on Logoff? The very recent chrome version is not working when using the commands:

1. window.close();               OR

2. window.open(window.location, '_self').close();

as for a UI5 application, it says, "scripts can not close windows, they had not opened".

christian_jianelli
Contributor
0 Kudos

Hello Utkarsha,

Unfortunately I don't know any way to bypass this validation. What I am doing in my applications is to logoff the user on the server side (killing the session) and redirect the user to the logon page. This does not prevent the user from hit the back button and access the application again but once the session does not exist on the server side anymore he is not authorized to perform anything and is redirect to the logon page trying to do so.

Best regards,

Christian

Former Member
0 Kudos

Thank you for your response Christian.

The requirement of directly closing the browser has come as a result of not being able to clear SSO cookies after logoff. For logoff, we're calling the standard SAP logoff ICF service, ie, on the server side. Therefore, only after closing the browser can we invalidate the SSO cookies. This problem is only specific to newer versions of chrome [we have a workaround for IE or Firefox].

Please let me know if you know a workaround to clear SSO cookies specific for current chrome browser versions.

Thank you.

christian_jianelli
Contributor
0 Kudos

If you are using HTTP BASIC authentication the only way to complete the logoff is closing the browser. The SSO cookie can be cleared but this must done the server side (that will tell the browser to discard the cookie). I'm able to clear the cookie on the ABAP WebAS but I don't know how to do that on Hana. I suggest you to contact SAP because this is a common requirement ant thy must provide a way to clear the SSO cookie.

Best regards,

Christian

Answers (2)

Answers (2)

sreehari_vpillai
Active Contributor
0 Kudos

check this,

doLogout: function(){

<span style="font-family: Arial, Verdana; font-size: small;"> </span>


  $.ajax({

     url : "/sap/hana/xs/formLogin/token.xsjs",

     type : "GET",

     beforeSend: function(request) {

         request.setRequestHeader("X-CSRF-Token", "Fetch");

     },

     success : function(data, textStatus, XMLHttpRequest) {

         var token = XMLHttpRequest.getResponseHeader("X-CSRF-Token");

        

         $.ajax({

         url : "/sap/hana/xs/formLogin/logout.xscfunc",

         type : "POST",

         beforeSend: function(request) {

          request.setRequestHeader("X-CSRF-Token", token);

         },

         success : function(data, textStatus, XMLHttpRequest) {

         

          var mLayout = sap.ui.getCore().byId("mLayout");

                        //mLayout is the id of main layout. Change it accordingly

         

          mLayout.destroy();

          sap.ui.getCore().applyChanges();

          jQuery(document.body).html("<span>Logged out successfully.</span>");

          window.location.reload();

         

         }

        });

     }

  });

<span style="font-family: Arial, Verdana; font-size: small;"> </span>

  }

Former Member
0 Kudos

Thanks !!!.  I works fine !! Nice Work

Former Member
0 Kudos

worked well!

Thanks

0 Kudos
Former Member
0 Kudos

Hi Veera,

The link seems to be not accessible for me (probably internal to sap?).

Could you please share that doc if available?

Regards,

Chathia.