 |
cosign-discuss at umich.edu
|
|
general discussion of cosign development and deployment
|
|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: logout vbscript
The fundamental issue with VBScript is that it helpfully *cough*
encodes hyphens
to %2D. The following all that needs to be done to delete the service cookie
before logging out:
<%
Session.Abandon
'get cosign cookie name as string
cosignCookie = CStr(Request.ServerVariables("HTTP_COSIGN_SERVICE"))
Response.Cookies(cosignCookie)="null"
Response.Redirect(
"https://weblogin.umich.edu/cgi-bin/logout?https://www.umich.edu/"; )
%>
You can look at your cookies, Firefox is helpful here, and see that
you'll have
a cookie such as cosign%2dsomeservice set to "null".
If anybody out there knows how to tell ASP that a hyphen really is a hyphen,
please share.
I wrote a cosignlogout.dll to handle logging out:
http://www.umich.edu/~umweb/software/cosign/download.html
David's approach of deleting the cookie cached on the server works
well, too. It also takes care of cleaning up the cached cookies, which
is a nice side
effect. :)
--Jarod
Quoting "Sweetman, David" <dsweetma@xxxxxxxxxxxx>:
Chris - What if you also delete the server-side cookie? Here's a code
snippet that does that via VBScript:
Servicename = "InsertYourCoSignServiceNameHere"
Servername = "InsertYourServerNameHere"
s= request.ServerVariables(2)
buf = split(s,chr(10))
for each b in buf
if instr(b,"; " & ServiceName)>0 then
ck = Right(b, Len(b) - Instr(b, Servername & "=") - 10)
ck = Left(ck, (Len(ck) - 1))
end if
next
set fs = server.CreateObject("Scripting.FileSystemObject")
dirPath = "C:\Program Files\CoSign\CookieDB\"
pt = dirPath & ck
if (fs.fileexists(pt)) then
fs.deletefile(pt)
end if
David Sweetman
Windows Enterprise Systems Administrator
Michigan Administrative Information Services
University of Michigan
-----Original Message-----
From: Christopher Lafty [mailto:chl114@xxxxxxx]
Sent: Tuesday, November 01, 2005 9:01 PM
To: Malestein, Jarod Douwe
Cc: chrislafty@xxxxxxx; cosign-discuss@xxxxxxxxx
Subject: Re: logout vbscript
Yep, it's in the same directory as my cosign protected application...
-C
jarod@xxxxxxxxx wrote:
Chris,
I haven't had a chance to try out your script yet. It certainly looks
like it's
doing all the right things! Just to be sure, the logout script is
behind a
cosign-protected URL, right?
--Jarod
Quoting Christopher Lafty <chl114@xxxxxxx>:
I'm trying to build a logout script in vbscript, but it doesn't seem
to
function. Here it is:
<%
Session.Abandon
'get cosign cookie name as string
cosignCookie =
CStr(Request.ServerVariables("HTTP_COSIGN_SERVICE"))
Response.Cookies(cosignCookie)="null"
Response.Cookies(cosignCookie).Expires = Date()-1000
Response.Cookies(cosignCookie).Domain ="/"
Response.Cookies(cosignCookie).Secure=True
Response.redirect "https://webaccess.psu.edu/cgi-bin/logout";
%>
Any takers? I would use php or perl, but don't have the option.
Thanks,
Chris
--
.....................................
:: Christopher Lafty
:: Web Site Administrator
:: Department of Biology
:: Pennsylvania State University
:: chrislafty@xxxxxxx
.....................................
--
.....................................
:: Christopher Lafty
:: Web Site Administrator
:: Department of Biology
:: Pennsylvania State University
:: chrislafty@xxxxxxx
.....................................
| 
