Support Article
Incorrect Authentication on timeout
SA-17402
Summary
An LDAP SSO implementation uses pxSessionTimer to handle user idle timeout re-authentication.
On timeout, users should see the following standard PRPC screen for timeout re-authentication:
Sporadically, the users are seeing the default PRPC login screen instead of the above login screen.
Error Messages
Not Applicable
Steps to Reproduce
1. Log in to PRPC Application1 in IE tab1.
2. Wait for 20 minutes until the session timeout warning alert appears.
3. Log in to PRPC Application2 in IE tab2.
4. Log off PRPC Application2.
5. In PRPC Application1, click the Okay button on the timeout warning alert.
Root Cause
When the problem occurs, no PRPC or JSESSIONID cookies are sent to the server. This causes PRPC to treat the request as a new session.
All PRPC applications had the following in a customized Web-Session-Return HTML rule that is used when logging off PRPC:
<script>
document.execCommand("ClearAuthenticationCache","false");
</script>
This Internet Explorer-only command clears all in-memory session cookies associated with the iexplore.exe process. When browser tabs are used, this code also clears the session cookies of other applications running in different tabs.
Resolution
The above script block was removed in PRPC 6.3 SP1 and is not needed. On logoff, set the Pega-RULES cookie to "None".
Remove this script block if you have customized your Web-Session-Return HTML rule or any other HTML rules used during logoff.
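One way to locate and remove the call in exported rule markup, shown as an added example that is not Pega's code. The rule names other than Web-Session-Return and all sample markup are constructed, and exporting the HTML rule text from PRPC is assumed to have been done separately.

```javascript
// Added example: audit HTML rule text for the IE-only logoff call and remove it.
// Matches document.execCommand("ClearAuthenticationCache" ...) with either quote
// style, optional whitespace, any letter case, and an optional semicolon.
const CALL = /document\s*\.\s*execCommand\s*\(\s*(["'])ClearAuthenticationCache\1[^)]*\)\s*;?/gi;
const SCRIPT = /(<script\b[^>]*>)([\s\S]*?)(<\/script\s*>)/gi;

// One finding per call, with the 1-based line on which the call starts.
function findClearAuthCache(ruleName, html) {
  const findings = [];
  for (const m of html.matchAll(CALL)) {
    const line = html.slice(0, m.index).split("\n").length;
    findings.push({ rule: ruleName, line, call: m[0].trim() });
  }
  return findings;
}

// Remove the call. A <script> block left with no other code is dropped whole;
// a block that carries other statements keeps them.
function stripClearAuthCache(html) {
  return html.replace(SCRIPT, (block, open, body, close) => {
    const rest = body.replace(CALL, "");
    if (rest === body) return block;            // call not present in this block
    return rest.trim() === "" ? "" : open + rest + close;
  });
}

// Audit a map of rule name -> HTML text.
function auditRules(rules) {
  return Object.entries(rules).flatMap(([name, html]) => findClearAuthCache(name, html));
}

// Constructed sample input (not taken from a real PRPC system).
const sampleRules = {
  "Web-Session-Return":
    '<html>\n<body>\n<script>\ndocument.execCommand("ClearAuthenticationCache","false");\n</script>\n<p>Logged off</p>\n</body>\n</html>',
  "Custom-Logoff":
    "<script>\nvar t = 1;\ndocument.execCommand( 'ClearAuthenticationCache' );\n</script>",
  "Clean-Rule": "<script>var x = 2;</script>",
};

for (const f of auditRules(sampleRules)) {
  console.log(`${f.rule}: line ${f.line}: ${f.call}`);
}
```
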
Published January 31, 2016 - Updated October 8, 2020