This content has been archived and is no longer being updated. Links may not function; however, this content may be relevant to outdated versions of the product.

Support Article

EndSession activity not being called at logoff of the session

SA-12087

Summary



When the user logs off, the activity Code-Security.logoff is not redirected correctly to call the EndSession activity on specific nodes of the environment. The Code-Security.logoff activity performs an HTTP redirect with the parameter RedirectTo=pzActvity=EndSession&pzAuth=Guest; however, on some specific nodes the redirect does not reach the EndSession activity.

Because of this, a default error screen is displayed every time the user logs off.



Error Messages



Connection Failed.Try Again

Steps to Reproduce



Log off from the environment using a load-balancing URL.

Root Cause



The root cause of this problem is in a third-party product. 

A complicated proxy configuration was being used that modified the context root to be two parts: <prpc_context_root>/<cluster_root>/

In general, PRPC handled this configuration correctly, with no problems, when using the proxy settings as recommended on PDN: https://pdn.pega.com/deployment/how-to-configure-a-reverse-proxy-server.

The problem was with status.jsp, located in the prweb/diagnostic folder of the WAR or EAR deployment of PRPC. It gets run in a couple of ways, but in the scope of this support request it runs when an AJAX request calls an activity, @baseclass.pzIsMobileDevice, and that activity does not return an HTML stream. Since each HTTP request requires a response, and because the engine-level activity did not set a response, status.jsp is executed.

status.jsp can't access the clipboard; it runs outside of the engine context, in the web tier. It returns a Pega-RULES setCookie response, and for the path part of the PRPC cookie it uses HttpServletRequest.getContextPath(). This would reset the PRPC cookie path incorrectly, because it gets the context root of PRPC as deployed in WebLogic, not the full context root defined in the proxy settings. After this request was done, further requests, in this case endSession, would not run correctly.
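
The cookie behaviour behind this root cause, as an added example that is not part of the original article or of Pega's code: a minimal JavaScript model of RFC 6265 cookie storage and path matching. The two roots and the cookie values are constructed assumptions, and the article does not state how the server reacted to the resulting request.

```javascript
// RFC 6265 section 5.1.4: does a cookie's Path cover the request path?
function pathMatches(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith('/') || requestPath[cookiePath.length] === '/';
}

// RFC 6265 section 5.3: a stored cookie is identified by name + domain + path,
// so a Set-Cookie with a different Path adds a second cookie instead of
// replacing the first. (Single host assumed, so domain is left out of the key.)
class CookieJar {
  constructor() { this.cookies = []; this.clock = 0; }

  set(name, value, path) {
    const existing = this.cookies.find(c => c.name === name && c.path === path);
    if (existing) { existing.value = value; return; } // keeps creation time
    this.cookies.push({ name, value, path, created: this.clock++ });
  }

  // Section 5.4: longer paths first, then earlier creation time.
  headerFor(requestPath) {
    return this.cookies
      .filter(c => pathMatches(requestPath, c.path))
      .sort((a, b) => b.path.length - a.path.length || a.created - b.created)
      .map(c => `${c.name}=${c.value}`)
      .join('; ');
  }
}

// Constructed scenario: the proxy exposes the application under a two-part
// root, while the servlet container only knows its own context path.
const PROXY_ROOT = '/prweb/cluster1'; // hypothetical external root
const CONTAINER_ROOT = '/prweb';      // hypothetical getContextPath() result

function simulate() {
  const jar = new CookieJar();
  jar.set('Pega-RULES', 'H-SESSION', PROXY_ROOT);         // normal session cookie
  jar.set('Pega-RULES', 'H-FROM-STATUS', CONTAINER_ROOT); // status.jsp-style cookie
  return {
    underProxyRoot: jar.headerFor(PROXY_ROOT + '/PRServlet'),
    underContainerRoot: jar.headerFor(CONTAINER_ROOT + '/other'),
  };
}

console.log(simulate());
```

With the custom status.jsp from the Resolution, the second set() call does not happen for a No Content response, so only the original cookie remains.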



Resolution



Provided a custom status.jsp that lets the same proxy configuration stay in place.


Code Change: (Bold are changes)
 
-------
// Set the Pega-RULES cookie by default; turned off below for No Content responses.
boolean bSetCookie = true;

if (bIsNoContent) {
    sStatus = "good";
    sMessage = "The operation completed successfully, but returned no content";
    // Skip the cookie when status.jsp only reports "no content".
    bSetCookie = false;
} else {
    response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
}

response.setHeader("Cache-Control", "max-age=0");

if (sUserName == null)
    sUserName = "Unauthenticated or not available";

if (sRequestorID == null) {
    sRequestorID = "No ID available";
} else {
    boolean httpOnly = false;

    if (request.getAttribute("cookie/HttpOnly") != null)
        httpOnly = ((Boolean) request.getAttribute("cookie/HttpOnly")).booleanValue();

    if (!httpOnly && bSetCookie) {
        Cookie ckPegaRULES = new Cookie("Pega-RULES", sRequestorID);
        // getContextPath() is the context root as deployed in the container,
        // not the full context root defined in the proxy settings.
        ckPegaRULES.setPath(request.getContextPath());
        ckPegaRULES.setMaxAge(-1);
        ckPegaRULES.setComment("PegaRULES session tracking");
        ckPegaRULES.setSecure(bSecureCookie);
        response.addCookie(ckPegaRULES);
    }
}
-----

Here the code skips returning a PRPC cookie when the status.jsp is being used to return a No Content response, "The operation completed successfully, but returned no content". 
 

Published July 13, 2015 - Updated October 8, 2020
