RE: logout vbscript

[jarod@xxxxxxxxx]

The fundamental issue with VBScript is that it helpfully *cough* 
encodes hyphens
to %2D.  The following all that needs to be done to delete the service cookie
before logging out:

<%
   Session.Abandon

   'get cosign cookie name as string
   cosignCookie = CStr(Request.ServerVariables("HTTP_COSIGN_SERVICE"))
   Response.Cookies(cosignCookie)="null"

   Response.Redirect(
"https://weblogin.umich.edu/cgi-bin/logout?https://www.umich.edu/"; )

%>

You can look at your cookies, Firefox is helpful here, and see that 
you'll have
a cookie such as cosign%2dsomeservice set to "null".

If anybody out there knows how to tell ASP that a hyphen really is a hyphen,
please share.

I wrote a cosignlogout.dll to handle logging out:
http://www.umich.edu/~umweb/software/cosign/download.html

David's approach of deleting the cookie cached on the server works 
well, too. It also takes care of cleaning up the cached cookies, which 
is a nice side
effect. :)

--Jarod


Quoting "Sweetman, David" <dsweetma@xxxxxxxxxxxx>:

> Chris - What if you also delete the server-side cookie?  Here's a code
> snippet that does that via VBScript:
>
> Servicename = "InsertYourCoSignServiceNameHere"
> Servername = "InsertYourServerNameHere"
>
> s= request.ServerVariables(2)
> buf = split(s,chr(10))
>  for each b in buf
>    if instr(b,"; " & ServiceName)>0 then
>       ck = Right(b, Len(b) - Instr(b, Servername & "=") - 10)
>       ck = Left(ck, (Len(ck) - 1))
>    end if
>  next
> set fs = server.CreateObject("Scripting.FileSystemObject")
> dirPath = "C:\Program Files\CoSign\CookieDB\"
>
> pt = dirPath & ck
> if (fs.fileexists(pt)) then
>   fs.deletefile(pt)
> end if
>
>
>
> David Sweetman
> Windows Enterprise Systems Administrator
> Michigan Administrative Information Services
> University of Michigan
>
> -----Original Message-----
> From: Christopher Lafty [mailto:chl114@xxxxxxx]
> Sent: Tuesday, November 01, 2005 9:01 PM
> To: Malestein, Jarod Douwe
> Cc: chrislafty@xxxxxxx; cosign-discuss@xxxxxxxxx
> Subject: Re: logout vbscript
>
> Yep, it's in the same directory as my cosign protected application...
>
> -C
>
> jarod@xxxxxxxxx wrote:
>
> > Chris,
> >
> > I haven't had a chance to try out your script yet.  It certainly looks
>
> > like it's
> > doing all the right things!  Just to be sure, the logout script is
> > behind a
> > cosign-protected URL, right?
> >
> > --Jarod
> >
> > Quoting Christopher Lafty <chl114@xxxxxxx>:
> >
> > > I'm trying to build a logout script in vbscript, but it doesn't seem
> to
> > > function.  Here it is:
> > > <%
> > >    Session.Abandon
> > >
> > >    'get cosign cookie name as string
> > >    cosignCookie =
> CStr(Request.ServerVariables("HTTP_COSIGN_SERVICE"))
> > >    Response.Cookies(cosignCookie)="null"
> > >    Response.Cookies(cosignCookie).Expires = Date()-1000
> > >    Response.Cookies(cosignCookie).Domain ="/"
> > >    Response.Cookies(cosignCookie).Secure=True
> > >
> > >    Response.redirect "https://webaccess.psu.edu/cgi-bin/logout";
> > > %>
> > >
> > > Any takers?  I would use php or perl, but don't have the option.
> > >
> > > Thanks,
> > > Chris
> > >
> > > --
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > > .....................................
> > > :: Christopher Lafty
> > > :: Web Site Administrator
> > > :: Department of Biology
> > > :: Pennsylvania State University
> > > :: chrislafty@xxxxxxx
> > > .....................................
>
> --
>
>
>
>
>
>
>
> .....................................
> :: Christopher Lafty
> :: Web Site Administrator
> :: Department of Biology
> :: Pennsylvania State University
> :: chrislafty@xxxxxxx
> .....................................