cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SSO2 Cookie deletion on session time out

rikardt_louw2
Explorer

on ‎10-12-2010 7:57 AM

0 Kudos

Hi

I currently have the problem where i need to delete the SSO2 Cookie on a session timeout.

The scenario is where the web dynpro application has been idle and the session has expired. I need to delete the SSO2 cookie when this occurs so that the web paged cannot be refreshed.

The logoff button works correctly and i can delete the cookie.

You cannot delete the cookie in the WDDOEXIT on the session expiration it will not communicate to the browser.

If anyone knows a work around please let me know.

Thanks

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (3)

Answers (3)

rikardt_louw2
Explorer
‎10-14-2010 4:15 AM
0 Kudos

At first I changed the valid date of the Cookie via javascript injection into the web dynpro (Before Action event) itself , it worked but it is not recommended and i did not want to go live with such a method.

So i changed it to timedtriggers = i have two timers. I set the first timer to the session timeout length + 1 min for the web dynpro application. The second one is disabled.

When the user actions on the form i disable the first timer and set the second timer to the session timeout length + 1 min and vice versa as the user interacts with the form. This allows timers to be reset.

I added it in the modify view event as i know it will get fired everytime.

You have to add a empty action behind the timers.

The timer runs in javascript so its sends back a post back even though the session has expired. This acts the same as a user input and calls the error page so you can kill the cookie. It seems to work pretty well.

It would be nice if this was a built in feature though.

Show replies
Show replies
ChrisPaine
Active Contributor
‎10-14-2010 4:44 AM
0 Kudos 
It would be nice if this was a built in feature though.

fully agree! also having the solution as you have it requires that your entire application runs in the same view - so rules out the use of frameworks like the FPM...

rikardt_louw2
Explorer
‎10-14-2010 2:29 AM
0 Kudos

Probably not the best way but i got the session to expire the SSO2 ticket on session termination without any user interaction.

I have used timers that reset when there is user interaction on the form and has a delay of one minute longer than the session timeout this kicks back to a empty event on the server same as a button that is clicked and the logoff / error page will be called.

Show replies
Show replies
ChrisPaine
Active Contributor
‎10-14-2010 3:44 AM
0 Kudos 
I have used timers that reset when there is user interaction on the form

out of interest - how are you doing this? Is this specific code - JavaScript in an Adobe form? Or how else are you achieving the result?

Thanks,

Chris

ChrisPaine
Active Contributor
‎10-12-2010 8:36 AM
0 Kudos

Hi Rikardt,

have you tried the approach show in the help link:

[Application Logoff Page - remove SSO cookie|http://help.sap.com/saphelp_nw04s/helpdata/en/fc/04a5421935c511e10000000a1550b0/frameset.htm]

but rather than putting the SSO remove logic/script into the the exit page also put it in the error pages?

When I tried this by causing my app to crash it successfully called the script...

Cheers,

Chris

Show replies
Show replies
rikardt_louw2
Explorer
‎10-12-2010 8:41 AM
0 Kudos

Hi Chris

Thanks for the prompt response. I have done this but the problem is that the time out message is never thrown because the url is refreshed so the javascript is never called, There is no user interaction on the form after the timeout. The url is just refreshed. so the user is just logged in again.

Rikardt

Ask a Question