Question


Pegasystems Inc.
JP
Last activity: 9 Jul 2016 6:33 EDT
7.2 Log off redirection setting doesn't work
I am using personal edition 7.2 and found that "log off redirection" setting doesn't work.
I was redirected to the login screen, although I've selected option "Show log off screen".
***Updated by Moderator: Marissa. Added Category***


Pegasystems Inc.
US


Pegasystems Inc.
IN
Hi Hong,
The Activity Code-Security.Logoff sends the value of this setting to Code-Security.EndSession. The activity Code-Security.EndSession then displays different HTML based on this parameter value:
RedirectToLoginScreen = Web-Login
< AnythingElse> = Web-Session-Return
When using "Show Log off Screen" this ends up calling "Web-Session-Return".
The HTML for Web-Session-Return has a meta refresh in it that takes the user back to the login screen:
<META http-equiv="refresh" content="0;URL=<pega:reference name="$save(servURL)" />">
The Section rule "Web-Session-Return" is not marked as final so customizations can be done to it..Save as web-session-return to your ruleset,remove above line of code and add your own log-off image.


Pegasystems Inc.
JP
Altough there is work around solution, the default behavior for "Show log off screen" option, which redirects to login screen, doesn't make any sense. If there is no difference between "Show log off screen" and "Redirect to log in screen" why do we need this configuration option at all?
I remember that V6.3 has OOTB log off screen and it simply works as expected if you select "Show log off screen" option.


Pegasystems Inc.
US
Hi Chunzhi,
I agree with you. I've raised the same concern few months ago and logged a bug regarding the Log Off redirection setting. As the web-session-return is an available rule, this was the solution I've got from our teams.
<pega:when java="<%= tools.getParamValue("redTo").equals("RedirectToLoginScreen")%>">
<META http-equiv="refresh" content="0;URL=<pega:reference name="$save(servURL)" />">
</pega:when>


Pegasystems Inc.
IN
would updating step#1 Show-HTML from Web-Session-Return to Web-Session-Return-Template in RULE-OBJ-ACTIVITY CODE-SECURITY ENDSESSION makes a difference? please share your thoughts/observations, Thank you!
Hi Chunzhi,
That is due to below line of code in your Web-Session-Return HTML file. This piece of code always redirects to login URL. (you can give a try by doing a preview of this HTML Stream)
<META http-equiv="refresh" content="0;URL=<pega:reference name="$save(servURL)" />">
<pega:when java="<%= tools.getParamValue("redTo").equals("RedirectToLoginScreen")%>">
<META http-equiv="refresh" content="0;URL=<pega:reference name="$save(servURL)" />">
</pega:when>
And make sure you save the Web-Session-Return html in your rulesets and add this ruleset to UnAuthenticated access group on browser requestor type to see the changes.
This will work based on the setting you chose on your application rule form.
BR//
Harish