Skip to main content

This content has been archived and is no longer being updated. Links may not function; however, this content may be relevant to outdated versions of the product.

Support Article

Error message flashed on screen after completing app step

SA-1669

Summary



The application is deployed as an IAC Gadget.
There is a 'BeforeUnload listener' on the Gadget HTML which fires a logoff event to PRPC to log the session off.
While the Gadget is loaded, if a user navigates away to a different page, they see an error page flash for split second.


Error Messages



System unavailable


Steps to Reproduce



1. Have a listener issue a logoff comand.

pega.util.Event.addListener(window, "beforeunload", gadgetLogoff, null, false);

gadgetLogoff function has: pega.web.api.doAction(“GADGETNAME”,”logoff”);

2. Navigate away from page.


Root Cause



The root cause of this problem is a defect in customer application code/rules.

1. When the logoff is issued to PRPC, it calls the activity: Code-Security.logoff
2. This activity in turn will call Code-Security.EndSession
3. Code-Security.EndSession will return a HTML stream: Web-Session-Return
4. Web-Session-Return does a redirect to a URL of the form: /prgateway/PRPCGateway/QA
5. Since the customer L/B doesn't allow navigation to URL in Step 4, it displays the Error.jsp page and then continues to requested page.
6. Fiddler interaction showed above sequence.

The problems was because the HTML returned from OOTB activities was not allowed in customer L/B config due to security reasons, hence L/B would automatically redirect to the Error page. The Error page was configured as a catch all for any unauthorised access or any application error.


Resolution



The Error screen would no longer flash in any scenario on any browser after implementing below mentioned local changes.

1. Redirect to a blank HTML stream, so no error is displayed. This only needed to happen for IAC users.
- Customised Code-Security.EndSession to ruleset accessible by Pega:Browser Unauthenticated requestors.
- Checked if the incoming request is for IAC. To determine this check if pxRequestorContextURI has "prgateway" in it's text.
- If so, then redirect to a new HTML stream rule - IAC-Session-Return. This rule is blank (<html></html>)
- If non IAC user, then proceed as normal

With this change in place, instead of error screen flashing, users will see a blank screen for split second, which is acceptable as it seems like page is loading.

2. With above change in place, the error screen would still occasionally show up, more often on IE-11 browser.
- The root cause for this from Fiddler was that when the logoff event was submitted to PRPC, there was no IAC cookie in the request.
- The gadget HTML has code to clear the "prGatewaySESSIONID" cookie after logoff even is fired, as the event listener only works on IE and cookie clear is needed for other browsers.
- Since the logoff code is AJAX, we suspect sometimes the cookies are getting cleared before that request is submitted.
- For these cases, since the session is now invalidated, we don't want to submit logof, as it triggers an error from the PRPC server and results in error.jsp being flashed again on screen.
- To achieve this, following condition was added to the gadgetLogoff() function:

try {
if (document.cookie.indexOf("prGatewaySESSIONID") >= 0) {
            pega.web.api.doAction(“GADGETNAME”,”logoff”);
      }
} catch (Exception e) {
;
}



 

 
Suggest Edit

Published January 31, 2016 - Updated October 8, 2020

Did you find this content helpful? Yes No

Have a question? Get answers now.

Visit the Collaboration Center to ask questions, engage in discussions, share ideas, and help others.

We'd prefer it if you saw us at our best.

Pega Community has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice
Contact us