Log-off processing modifications

Your application can control the user means and processing that occurs at log-off.


When a user clicks the Log off link on a portal window, the Pega Platform runs a JavaScript function that starts the standard activity Code-Security.LogOff.

This activity releases all locks, all clipboard pages, and other resources held by the requestor, and displays the standard HTML rule @baseclass.Web-Session-Return.

In contrast, users who exit by closing the browser window do not cause this activity to run. Locks and clipboard are retained until the session times out; this can interfere with the ability of other users to update work items, assignments, or rules locked by that user.


Through a portal rule, you can eliminate the Log Off link from the navigation area. Be sure to offer users another means to start the LogOff activity.

By overriding the standard HTML rule @baseclass.Web-Session-Return, your application can change the appearance of the final log off form, or can cause users to link to another Web-based system or site, such as CA SiteMinder (formerly Netegrity SiteMinder).

For example, the following uses HTTP redirection to present the Google home page:

<html> <head> <meta http-equiv="refresh" content="1;url=http://www.google.com/"> </head> <body>Redirecting to Google in one second...</body></html>

By the time the log-off form appears in a user browser window, the user is no longer authenticated and is a guest user.

Your log-off form may include links, buttons, or information that is suitable for and available to guest requestors.

Note: By overriding the standard activity Code-Security.LogOff, you can implement additional customizations. For example, you can update your copy of the LogOff activity to perform additional processing or to record statistics about the user's session or accomplishments. Place the Requestor-Stop method in the last step; no requestor processing can follow this method.

The RuleSet containing your log out form (and activity) must be available to guest requestors.

Closing the browser window

If a user closes the browser window, the requestor session remains active until time-out. This may mean that locks are held by the requestor, preventing anyone else from updating objects that are locked.

You cannot prohibit or detect this in your application. Closing the browser window is not detectable by a JavaScript event or function. Microsoft — possibly by design — provides no event for this; users must be trained to click the Log off link.