Bad URL on Logout (/PWCWeb/PWCWeb)

Follow

Revision: 2.0
Last Update: Dec 6, 2016

Problem

When ERPM is logging out users successfully, typically based on a user interaction to request a logout or when automatic login is not enabled, ERPM is directing them to the following URL:"https://lscprods.lsc.ent/pwcweb/Login.asp?LoginError=You%20have%20logged%20out%20s uccessfully".

In the good scenario, a user can login correctly, by simply attempting to login.

When ERPM is improperly logging out users, it is directing them to one of the following URLs:

  • "https://lscprods.lsc.ent/pwcweb/pwcweb/Logout.asp?LoginError=You%20have%20logged%20out%20 successfully"
  • "https://lscprods.lsc.ent/pwcweb//pwcweb/Logout.asp?"

In the bad scenario, a user cannot login correctly without terminating all browser sessions for the current browser.

Cause

Some pages are better than others regarding logout behavior. The error is related to session expiration vs the logout function timing and behavior. If the logout occurs properly, ERPM calls the DoLogout function which places the user at Login.asp?LoginError=You%20have%20logged%20out%20s uccessfully. However, if the session expires before the logout function is called (even when the user clicked Logout), a bad URL is returned that is incomplete (without an error message noted in the URL ): “https://server/pwcweb//pwcweb/Logout.asp?”

In version 5.5.1 of ERPM, this behavior is noted when Windows Integrated Authentication AND automatic logins are enabled in the web configuration. This behavior could not be reproduced when just Windows Integrated Authentication without automatic login or standard form logins were enabled.

In version 5.5.0 of ERPM, the behavior was more pervasive and could occur even when automatic logins were not enabled.

Resolution

For 5.5.0 users, the solution is to upgrade to a newer version.

For 5.5.1 users, their are two possible solutions:

  • Disable automatic logins. Windows integrated authentication is still an option, though users will simply need to click the "Login" button on the login page rather than being directed automatically through the login process.
  • Make the following change to this one file:

In %inetpub%\wwwroot[\pwcweb]\includes\initialization.asp, Change the following (line 19) from:

Code:
VerifyAuthenticationToken oAccountManagement, sAuthenticationToken, Request.ServerVariables( "URL" ), Request.ServerVariables( "QUERY_STRING" )


To:

Code:
VerifyAuthenticationToken oAccountManagement, sAuthenticationToken,"",""


Then save the ASP page and restart your browsers. Note that the original ASP page, is also included in the original ERPM installation location should you need to replace your edited version with the original version.

For all users, a proper fix is supplied in versions after 5.5.1.

Applies To

  • ERPM v5.5.0 and v5.5.1
Was this article helpful?
0 out of 0 found this helpful

Comments

Powered by Zendesk