Expiring IWAUTH cookie

Hi,

I have customised the logout button on Content Center through the ui_custom.xml so that when a user clicks on logout, a cgi script is invoked rather than the standard logout functionality.

I want to be able to expire the IWAUTH cookie, so that the session is terminated and the user cannot go back into Teamsite. I have tried using the CGI::Cookie module to clear this cookie, but this does not seem to work. If I close the window programmatically, then that terminates the session, which is fine in IE6, but with IE7 I do not want to close the entire window as the user may have other applications running on the same window but on different tabs. I can close a tab using javascript , but the session remains active.

I believe I need to expire the IWAUTH cookie as that controls access to TeamSite, but IWAUTH is a server side cookie. Is anyone aware of how I may go and expire a server side cookie?

Thanks in advance
Mashuk

Find more posts tagged with

Comments

ISCBorisB

I believe I need to expire the IWAUTH cookie as that controls access to TeamSite, but IWAUTH is a server side cookie. Is anyone aware of how I may go and expire a server side cookie?

IWAUTH is not Server-Side Cookie. On the Client side you can expire it with the JS by generating something like the following from your CGI script:
document.cookie = "IWAUTH=; expires=Thu, 01 Jan 1970 12:00:00 GMT; path=/";

Mashuk

Tried expiring the IWAUTH cookie using the javascript as suggested but this does not terminate the session. The reason why I have customised the logout functionality is because the authentication is being handled by siteminder and since siteminder controls the session the standard logout functionality does not work.

Is there a way of getting the teamsite session using say the CGI: Smiley Frustrated

ession perl module? What would be the name of the teamsite session?

ISCBorisB

Tried expiring the IWAUTH cookie using the javascript as suggested but this does not terminate the session

What did you expect? Your SiteMinder (you did not mention that *insignificant* detail before) has no idea that something happened
to some obscure cookie of one of the Browsers of one of the the logged Clients.

Is there a way of getting the teamsite session using say the CGI:ession perl module? What would be the name of the teamsite session?

No. IWOV does not use CGI: Smiley Frustrated

ession framework. In general, TS Session management is not exposed to the System Users.

Start by checking if everything is configured correctly in your SM Integration. I did it once (for 5.5, years ago) and what you are trying to do by
questionable hacking was OOTB Functionality. Once logged off, Clients were not able to get to TS GUI without re-logging.
If after that you are still not satisfied get to IWOV (and perhaps Netegrity) Documentation on SiiteMinder integration and see if there is any exposed API to force SiteMinder
Session termination. Note that SM Integration has been seriously modified in 6.7, check KBs.

Hth