BSP: Logout does not work
At the moment i am re-developing a bsp-application, that i have written about 2 years ago.
I have to add a logout-funtion to the new version, as the users desperately want it (Some of our users seem to get nervous, when login on to a page, that provides no logout button...).
I have already tried navigation->exit() but this method only drops the application context - the session will not be terminated, so that the user will not be promted for login-data when e.g. pressing the back-button of the browser.
I read the documentation on help.sap.com carefully and the problem seems to be, that the appliaction is using "Basic Authentication" at the moment. Using this kind of authentification generates a session-cookie, that will persist until the browser is closed.
My first attempt was to get rid of the cookie using jscript, but this did not work. First i thought, there was a bug in my jscript-coding, and so i opened the corresponding menu of my browser and deleted any cookie by hand. Unfortunatelly, this had no effect - i was still able to use the page and my session was still existent.
So i searched for further informations and found out, that it should be quite easy to implement a logout, if SSO-Login was used for athentification. Unfortunatelly i also found out, that SSO is not available on our system, so i will have to find another way.
Finally i found out, that a logout can be done by simply setting the application into stateless mode, if fields authentication is used.
I tested this for a simple test-application i had written a few days ago and everything worked fine: I had to enter my logon-data at the first call of the application, the login worked as expected and setting the application to stateless mode ended my session immediatelly. Reloading the page or using e.g. the back-button of the browser did not cause any trouble, so i wanted to use this technique, because the behaviour of the testpage exactly met the requirement.
My next step was to enter transaction sicf and to delete every authentication-mechanism except of "Fields Authentication" to enforce the usage of this mechanism for my bsp-application. It worked somehow, but not in the way, i expected.
When trying to open my bsp-application, i had to enter my logon-data in an html-form (as expected).
But sending the data did not create a session. I have to log in between 2 and 5 times (it differs for every try) before i finally see the first page of my bsp-application.
Once logged in, the session is quite "unstable" - a simple reload of the page throws me back to the logon page again.
I have no clue, what causes this creepy behaviour - i copied the settings of my testappliaction 1:1 in sicf, both applications are stateful by default and the only place, where the switch to stateless mode is done is my logout-page. Yesterday i even deleted the service of my application in sicf, created a new one and customized it in the same way, i had customized the service of my test-application, so there should be no differences (i have checked for about 10 times).
As i have already searched the forum and did not find anything, that seemed to match to my problem, i hope, that somebody can give me some advice, because i really do'nt know, what else to try.
Below you can see the configuration of the service in SICF. Any option not listed here has its initial value:
Settings Selection->Define Service Specific Settings: true
System Logon Settings->Select Display->System Messages: true
System Logon Settings->Actions During Logon->Protocol: "Do Not Switch"
System Logon Settings->Default->Client: 101
System Logon Settings->Default->Language: "German"
System Logon Settings->Logon Layout And Procedure->SAP Implementation: true
System Logon Settings->Logon Layout And Procedure->Tmpl.: "Normal"
System Logon Settings->Logon Layout And Procedure->SAP Icon: "Chrome"
And here is some information according to the bsp-application:
Initial BSP: set
Application Class: set (My test-page did not use an application-class - this seems to be the only difference)
Theme: not set
Supports Portal Integration: no
I do'nt know, if there is any other information, that could be useful for solving the problem - if anything is missing, just ask for it and i will provide the infomation needed.
Thanks in advance.
Regards, Jörg Neumann
Tobias Schmidt replied
do you tried the method logoff of the interface IF_HTTP_SERVER? If you are using CL_BSP_CONTROLLER2 you can reach it with server->logoff( ). If not you should reach it with runtime->server->logoff( ).
I tried it with IE, Chrome and an old version of IE and it works fine for me.