Set-Cookie: SMSESSION=LOGGEDOFF missing from the response on a log off request


Article ID: 47054


Products

CA Single Sign On Secure Proxy Server (SiteMinder)
CA Single Sign On SOA Security Manager (SiteMinder)
CA Single Sign-On

Issue/Introduction

I have configured LogOffUri and made sure that the Meta tags below are included in the log-out page so it cannot be cached in web browsers; however, I still cannot see the cookie "Set-Cookie: SMSESSION=LOGGEDOFF;" being set in the response, and I am able to replay the SMSESSION cookie and get access to the system.


<META HTTP-EQUIV="Pragma" CONTENT="no-cache">

<META HTTP-EQUIV="Expires" CONTENT="-1">

Environment

Release:
Component: SMAPC

Resolution

Here is the answer.

In this situation, you will need to validate the following:

1) The GET request of the logoff call in the agent trace, to make sure that the transaction succeeded. You should be able to see the two messages below, which indicate that the agent successfully processed the logoff call:

[Calling LogoutSession for session 'MdAU ... rbEs='.]

[Removing SMSESSION cookie.]


2) Once that is confirmed, check whether any network device sits between the agent and the browser, such as a Citrix NetScaler or any load balancer.

Most of these network devices will cache the response and serve later requests from that cache, which is why "Set-Cookie: SMSESSION=LOGGEDOFF;" is missing from the server response the browser receives.

Below is an example of a successful logout and a failed one. In the failed request, Citrix NetScaler was caching the request: you can clearly see the message "Via: NS-CACHE-9.3: 121" in the server response, with NO "Set-Cookie: SMSESSION=LOGGEDOFF;".

In this particular example, Citrix NetScaler had the "integrated cache" option turned ON and was caching the request; once it was set to OFF, "Set-Cookie: SMSESSION=LOGGEDOFF;" is set on the logoff response.

You will need to check for a similar setting on other network devices if you have the same issue.


Successful :

------------   

HTTP/1.1 200 OK

Date: Tue, 06 Sep 2016 15:19:00 GMT

Server: Apache/2.2.3 (Red Hat)

Set-Cookie: SMSESSION=LOGGEDOFF; path=/; domain=example.com

Last-Modified: Fri, 26 Aug 2016 13:29:42 GMT

ETag: "38b8c2-615-53af ... 80"

Accept-Ranges: bytes

ntCoent-Length: 1557

Connection: close


Failed:

-------

HTTP/1.1 200 OK

Age: 1         

Date: Tue, 06 Sep 2016 14:37:43 GMT

Connection: Keep-Alive

Via: NS-CACHE-9.3: 121

ETag: "38b8c2-61 ... 51d80"

Server: Apache/2.2.3 (Red Hat)

Last-Modified: Fri, 26 Aug 2016 13:29:42 GMT

Accept-Ranges: bytes

Content-Length: 1557

nnCoection: close
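The two checks described in the resolution (is SMSESSION=LOGGEDOFF set, and did a cache answer instead of the agent) can be automated against a captured logoff response. The script below is an added example, not CA/Broadcom code: it parses raw response headers, looks for the LOGGEDOFF cookie, and flags the intermediary-cache signals visible in the failed response above (an Age header, which an origin server does not normally emit, and a Via header naming a cache). The two sample responses are constructed after the article's examples; the ETag values are placeholders because the originals are elided on the page.

```python
"""Check a SiteMinder logoff response for SMSESSION=LOGGEDOFF and for
signs that an intermediary cache served the response. Added example;
the sample responses are constructed, modelled on this article."""

# Constructed sample: the successful logoff response from the article.
SUCCESSFUL = (
    "HTTP/1.1 200 OK\r\n"
    "Date: Tue, 06 Sep 2016 15:19:00 GMT\r\n"
    "Server: Apache/2.2.3 (Red Hat)\r\n"
    "Set-Cookie: SMSESSION=LOGGEDOFF; path=/; domain=example.com\r\n"
    "Last-Modified: Fri, 26 Aug 2016 13:29:42 GMT\r\n"
    'ETag: "constructed-etag-1"\r\n'  # placeholder, original is elided
    "Accept-Ranges: bytes\r\n"
    "ntCoent-Length: 1557\r\n"
    "Connection: close\r\n"
    "\r\n"
)

# Constructed sample: the failed (cache-served) response from the article.
FAILED = (
    "HTTP/1.1 200 OK\r\n"
    "Age: 1\r\n"
    "Date: Tue, 06 Sep 2016 14:37:43 GMT\r\n"
    "Connection: Keep-Alive\r\n"
    "Via: NS-CACHE-9.3: 121\r\n"
    'ETag: "constructed-etag-2"\r\n'  # placeholder, original is elided
    "Server: Apache/2.2.3 (Red Hat)\r\n"
    "Last-Modified: Fri, 26 Aug 2016 13:29:42 GMT\r\n"
    "Accept-Ranges: bytes\r\n"
    "Content-Length: 1557\r\n"
    "nnCoection: close\r\n"
    "\r\n"
)


def parse_headers(raw):
    """Return (status_line, [(name_lower, value), ...]) from a raw response.
    Repeated headers such as multiple Set-Cookie lines are all kept."""
    head = raw.split("\r\n\r\n", 1)[0] if "\r\n\r\n" in raw else raw.split("\n\n", 1)[0]
    lines = head.splitlines()
    headers = []
    for line in lines[1:]:
        if not line.strip():
            continue
        # Split on the first colon only: "Via: NS-CACHE-9.3: 121" keeps its value intact.
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return lines[0], headers


def loggedoff_cookie_present(headers):
    """True if any Set-Cookie header sets SMSESSION to LOGGEDOFF."""
    for name, value in headers:
        if name != "set-cookie":
            continue
        cookie = value.split(";", 1)[0]          # drop path/domain attributes
        cname, _, cval = cookie.partition("=")
        if cname.strip().upper() == "SMSESSION" and cval.strip().upper() == "LOGGEDOFF":
            return True
    return False


def cache_indicators(headers):
    """Collect headers that suggest an intermediary cache produced the response."""
    hits = []
    for name, value in headers:
        if name == "age":                          # added by caches, not by the origin
            hits.append("Age: " + value)
        elif name == "via" and "cache" in value.lower():
            hits.append("Via: " + value)           # e.g. NetScaler's NS-CACHE tag
    return hits


def check_logoff_response(raw):
    """Classify a logoff response as ok, served-from-cache, or missing-cookie."""
    _, headers = parse_headers(raw)
    cookie_ok = loggedoff_cookie_present(headers)
    cache_hits = cache_indicators(headers)
    if cookie_ok:
        verdict = "ok"
    elif cache_hits:
        verdict = "served-from-cache"
    else:
        verdict = "missing-cookie"
    return {"loggedoff_cookie": cookie_ok, "cache_indicators": cache_hits, "verdict": verdict}


if __name__ == "__main__":
    for label, raw in (("successful", SUCCESSFUL), ("failed", FAILED)):
        print(label, check_logoff_response(raw))
```

Run it against a response captured from the browser side (not from the web server side), since the point of the check is to see what the client actually received after any NetScaler or load balancer in the path. A "served-from-cache" verdict points at the device's caching configuration, as in the resolution above; a "missing-cookie" verdict with no cache indicators means the agent trace from step 1 should be revisited.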