Support Article
Mashup: pyDeleteDocumentPg call after issuing a logoff
SA-34877
Summary
Two gadgets are exposed to an external .NET application using IAC.
Reverse proxy is implemented using IIS.
No Pega Gateway
When the user either logs off from the external application or session timeout on external application, there is a call to pyDeleteDocumentPg after the logoff. The application is trying to generate another Pega session by creating a new Pega-RULES cookie immediately after the logoff is issued, this is creating troubles and until this newly created session is either killed using SMA or passive ID.
Error Messages
Call stack looks as follows:
/prweb/IAC/?pyActivity=Code-Security.LogoffMashup
prweb/IAC/ZsvSk3vV8PtgJEa4_x3fiQ%5B%5B*/!CMSWebApp/$PCAPPTCAL/?pyActivity=pyDeleteDocumentPg&pzFromFrame=&pzPrimaryPageName=pyDisplayHarness&pzHarnessID=HID2D592C86EB0D56920302FC290312D57A&pyPagesToRemove=D_UITemplateMeta
Sometimes, log says, no failure stream set by custom authentication activity.
Steps to Reproduce
Implement IAC and issue a logoff from IAC.
Root Cause
The gadget is just displaying harnesses from either Display or CreateNewWork actions. The logoff is being sent from the top level application and then the IAC gadget iframe is getting unloaded as the top level application navigates to it's logoff page. The harness level onbeforeUnload event is being triggered and calling pyDeleteDocumentPg.
Resolution
The solution is to have the top level application remove the listener for the harness level onbeforeunload event.
PRPC Changes:
Add the following Javascript function to UserWorkForm:
<script>
function setUIForPRPCLogoff(){
pega.util.Event.removeListener(window, "beforeunload",pega.u.d.harnessOnBeforeUnload);
}
</script>
Top Level App Changes:
The following is from an internal sample application.
function testLogOut(){
logOffPRPC();
/* top level logout can now occur */
document.location.href = "Logout.html";
}
function logOffPRPC() {
/*Find PRPC iFrame element which will be PegaGadget parameter plus "ifr" */
var prpcWindow = document.getElementById("[Gadget]ifr").contentWindow;
if (prpcWindow != null)
{
if (typeof prpcWindow.setUIForPRPCLogoff === "function") {
prpcWindow.setUIForPRPCLogoff();
}
}
/* Call PRPC logoff */
var logoffURL = pega.web.config.gatewayURL+pega.web.config.systemID+"/!"+pega.web.config.appName
+"/$"+pega.web.config.thread+"?pyActivity=Code-Security.LogOffMashup";
xmlhttp=new XMLHttpRequest();
xmlhttp.open("GET",logoffURL,false);
xmlhttp.send();
}
Published March 11, 2017 - Updated October 8, 2020
Have a question? Get answers now.
Visit the Collaboration Center to ask questions, engage in discussions, share ideas, and help others.