Support Article
EndSession activity not being called at logoff of the session
SA-12087
Summary
When the user logs off, the Code-Security.logoff activity is not redirected correctly to call the EndSession activity on specific nodes of the environment. The Code-Security.logoff activity issues an HTTP redirect with the parameter RedirectTo=pzActvity=EndSession&pzAuth=Guest; however, on some specific nodes the redirect does not properly call the EndSession activity.
Because of this, a default error screen is displayed every time the user logs off.
Error Messages
Connection Failed.Try Again
Steps to Reproduce
Log off from the environment using a load-balancing URL.
Root Cause
The root cause of this problem is in a third-party product.
A complicated proxy configuration was being used that modified the context root to be two parts: <prpc_context_root>/<cluster_root>/
In general, PRPC handled this configuration correctly, with no problems, when using the proxy settings as recommended on PDN: https://pdn.pega.com/deployment/how-to-configure-a-reverse-proxy-server.
The problem was with status.jsp, located in the prweb/diagnostic folder of the WAR or EAR deployment of PRPC. It gets run in a couple of ways, but in the scope of this support request it runs when an AJAX request calls an activity, @baseclass.pzIsMobileDevice, and that activity does not return an HTML stream. Since each HTTP request requires a response, and because the engine-level activity did not set one, status.jsp is executed.
status.jsp can't access the clipboard; it runs outside of the engine context, in the web tier. It returns a Pega-RULES Set-Cookie response, and for the path part of the PRPC cookie it uses HttpServletRequest.getContextPath(). This would reset the PRPC cookie path incorrectly, because it gets the context root of PRPC as deployed in WebLogic, not the full context root defined in the proxy settings. After this request was done, further requests, in this case EndSession, would not run correctly.
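The path mismatch described above can be checked from response headers captured through the proxy. The following is an added example, not code from this article or from PRPC; the paths /prweb and /prweb/cluster1, the cookie values, and the function names are constructed for illustration.

```python
from http.cookies import SimpleCookie

def path_matches(request_path, cookie_path):
    """RFC 6265 section 5.1.4: does a cookie with this Path apply to the request?"""
    if request_path == cookie_path:
        return True
    if not request_path.startswith(cookie_path):
        return False
    return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"

def audit_set_cookie(header_value, public_root, name="Pega-RULES"):
    """Classify one Set-Cookie header value observed through the proxy."""
    jar = SimpleCookie()
    jar.load(header_value)
    if name not in jar:
        return "ignored"
    cookie_path = jar[name]["path"] or "/"
    root = public_root.rstrip("/") or "/"
    if (cookie_path.rstrip("/") or "/") == root:
        return "ok"
    if path_matches(root, cookie_path):
        # Broader path than the proxy root: browsers key stored cookies by
        # name + domain + path, so this becomes a second Pega-RULES cookie
        # that is sent alongside the original one.
        return "duplicate"
    # Path does not cover the proxy-visible root: never sent back on it.
    return "unreachable"

# Constructed sample data (assumed proxy-visible root and header values).
PUBLIC_ROOT = "/prweb/cluster1/"
SAMPLE_HEADERS = [
    "Pega-RULES=H1A2B3C; Path=/prweb/cluster1; Secure",  # matches proxy root
    "Pega-RULES=H1A2B3C; Path=/prweb; Secure",           # app-server context root
    "Pega-RULES=H1A2B3C; Path=/internal; Secure",        # unrelated path
    "JSESSIONID=abc123; Path=/prweb",                    # not the audited cookie
]

def audit_all(headers=SAMPLE_HEADERS, public_root=PUBLIC_ROOT):
    return [audit_set_cookie(h, public_root) for h in headers]

if __name__ == "__main__":
    for header, verdict in zip(SAMPLE_HEADERS, audit_all()):
        print(f"{verdict:12} {header}")
```

Any verdict other than "ok" for the audited cookie means the backend emitted a path that differs from the one the proxy presents to the browser.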
Resolution
Provided a custom status.jsp that lets the same proxy configuration stay in place.
Code Change: (Bold are changes)
-------
// Controls whether the Pega-RULES cookie is written on this response
boolean bSetCookie = true;
if (bIsNoContent) {
    sStatus = "good";
    sMessage = "The operation completed successfully, but returned no content";
    // No Content response: do not re-issue the session cookie
    bSetCookie = false;
} else {
    response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
}
response.setHeader("Cache-Control", "max-age=0");
if (sUserName == null)
    sUserName = "Unauthenticated or not available";
if (sRequestorID == null) {
    sRequestorID = "No ID available";
} else {
    boolean httpOnly = false;
    if (request.getAttribute("cookie/HttpOnly") != null)
        httpOnly = ((Boolean) request.getAttribute("cookie/HttpOnly")).booleanValue();
    if (!httpOnly && bSetCookie) {
        Cookie ckPegaRULES = new Cookie("Pega-RULES", sRequestorID);
        // Context root as deployed in the application server, not the proxy path
        ckPegaRULES.setPath(request.getContextPath());
        ckPegaRULES.setMaxAge(-1);
        ckPegaRULES.setComment("PegaRULES session tracking");
        ckPegaRULES.setSecure(bSecureCookie);
        response.addCookie(ckPegaRULES);
    }
}
-----
Here the code skips returning a PRPC cookie when status.jsp is used to return a No Content response ("The operation completed successfully, but returned no content").
Published July 13, 2015 - Updated October 8, 2020