Reputation: 5882
To implement single sign off, I would like the user to additionally get logged out of application B whenever the user clicks logout on application A. Is it possible to implement this using some form of a POST request to application B? i.e. when the user clicks on logout:
Upvotes: 2
Views: 3182
Reputation: 2808
How about making it cookie-based authentication? The same cookie authenticates a user for various applications (in your case, 2 different applications). Once a user signs off from one application (app A), invalidate the cookie (by expiry date) so that whenever a user sends a POST request to the rest of the applications (app B), the request is not processed. A Servlet that traces each POST request to validate the cookie is required for each application.
Upvotes: 0
Reputation: 11502
If your login session is stored by a cookie, and there is nothing else you need to supply to log out of application B, clearing the cookie in JavaScript will usually destroy the session and sign the user out.
Upvotes: 0
Reputation: 8526
The cleanest way to do this is to check if your SSO provider has a single-sign-off feature.
Coding this up and deploying it would make your overall IT solution a bit brittle.
Another suggestion is to take this up with your (Enterprise) architect, as SSO is usually an enterprise initiative, and point her to the (very cogent) arguments in this post: http://lists.danga.com/pipermail/yadis/2005-July/001085.html
Upvotes: 1
Reputation: 354
Without specific information, it's hard to give a specific answer, but as you're referring to POST, I'll assume a browser is involved.
POSTs (without using JavaScript or similar) occur when a form is submitted. As the form can have only one action, it can only target one server-side page.
One solution is to simply have Application A forward sign-out credentials to Application B once one action is received, which allows for more opportunities to check returns.
If, however, you're set on POST'ing to different pages, see this tutorial for one iframe-related hack: http://www.codeproject.com/KB/scripting/multiact.aspx
Upvotes: 0
Reputation: 353
Depending on the implementation of your authentication system, probably you can/need to send the POST using JavaScript instead of from server-side.
Upvotes: 0
Reputation: 28636
Yes, how you do it depends on the programming language you are using.
For example, under ASP.NET you'd use System.Net.HttpWebRequest within the handling of the Logout event of application A to make a logout request to application B.
If you can post what language you're working in, I can give a proper example.
Upvotes: 0
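A sketch of the server-to-server approach suggested in the answers above (application A notifies application B when the user logs out), added here as an example and not code from any of the answerers. The shared key, the field names and the `AppB` class are assumptions for illustration, and the HTTP transport is left out so the logic runs offline: B only honours a logout POST that carries a valid, fresh HMAC from A, and it revokes the session on the server rather than relying on the cookie being cleared.

```python
import hashlib
import hmac
import time

# Assumptions: A and B share this key out of band (constructed sample value).
SHARED_KEY = b"constructed-demo-key"
MAX_AGE = 60  # seconds a logout message is accepted after it was signed


def _mac(key, user, ts):
    msg = f"logout|{user}|{ts}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def build_logout_request(user, key=SHARED_KEY, now=None):
    """Application A: form fields for the server-to-server POST to B."""
    ts = str(int(time.time() if now is None else now))
    return {"user": user, "ts": ts, "mac": _mac(key, user, ts)}


class AppB:
    """Application B: sessions live server-side so they can be revoked."""

    def __init__(self, key=SHARED_KEY):
        self.key = key
        self.sessions = {}  # session id (cookie value) -> user

    def login(self, session_id, user):
        self.sessions[session_id] = user

    def is_logged_in(self, session_id):
        return session_id in self.sessions

    def handle_logout_post(self, form, now=None):
        """Return an HTTP-style status code for the logout POST."""
        now = time.time() if now is None else now
        try:
            user, ts, mac = form["user"], form["ts"], form["mac"]
            age = abs(now - int(ts))
        except (KeyError, TypeError, ValueError):
            return 400  # malformed request
        if not hmac.compare_digest(_mac(self.key, user, ts).encode(), str(mac).encode()):
            return 403  # not signed by application A, or fields were altered
        if age > MAX_AGE:
            return 403  # stale message, refuse replays outside the window
        # Revoke every session of this user; an old cookie no longer works.
        for sid in [s for s, u in self.sessions.items() if u == user]:
            del self.sessions[sid]
        return 204
```

In a deployment the dictionary returned by `build_logout_request` would be sent over HTTPS from A's logout handler, and `handle_logout_post` would sit behind B's logout endpoint.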