Hello,
Referring to a previous post regarding the SSO method I had to implement (currently using WiseJ 1.x):
1) using an ASPX page to accept the SAML post and extract the SAML tokens I need to authenticate a user from a customer.
2) encrypt some data from the SAML post into a string and set a cookie.
3) in the WiseJ login form – read the cookie
4) authenticate the user against the database and if valid – startup the WiseJ session
5) Delete the cookie with Application.Cookies.Remove(“AuthCookieName”);
So – this all works except there are 2 issues:
For the cookies issue, just had a similar request. I think the problem is that the cookie is set using http-only then Wisej cannot remove it using the WebSocket response. But you can use the Http context in the first request since it’s http.
This executed in Program.Main deletes an http-only cookie.
System.Web.HttpContext.Current.Response.Cookies.Add(
new System.Web.HttpCookie(“Test”) { HttpOnly = true, Expires=DateTime.Now.AddDays(-1) });
The cookie should be deleted, unless the url doesn’t match. Can you reproduce in a small test case?
In Javascript in Chrome (F12) put a break in Wisej.Core.setCookies() and see if it tries to set the cookie to delete with a date of “; Expires=Thu, 01 Jan 1970 00:00:00 UTC” which is the only way to delete cookies.
In alternative try Application.Browser.CookieStorage.RemoveValue(“cookie name”); In this case the break on the client can go to Wisej.Core.removeStorageValue().
Please login first to submit.