Skip to main content

This content is closed to future replies and is no longer being maintained or updated.
Links may no longer function. If you have a similar request, please write a new post.

Question

 SATEESH YENNAM (S_Yennam)
Virtusa Corporation
Senior System Architect
Virtusa Corporation
US
S_Yennam Member since 2014 32 posts
Virtusa Corporation
Posted: Jul 12, 2017
Last activity: Jul 24, 2017
Posted: 12 Jul 2017 6:54 EDT
Last activity: 24 Jul 2017 3:21 EDT
Closed

LDAP Authentication behavior in on click of Browser back button

Hi All,

We used LDAP1 to Authenticate user into our application. After Logout from application (used Pega OOTB LogOff ) and re-login with different user and clicks Browser back button, user is able to navigate to previous Transaction screen which is of first user.

Scenario :

1. Log into application with credentials 'A'.

2. Navigate to any screen (lets say Screen "Create Work Object screen").

3. Click Logout button. Then user will logout and navigates to Login screen.

4. Login again with different 'B' credentials.

5. Click browser button twice

6. 'B' can navigate to screen of A's "Create Work Object Screen" ( which is not expected behavior)

Please share your comments to Handle this behavior.

Thanks in Advance,

Sateesh Yennam

To see attachments, please log in.
Low-Code App Development

Posted: 7 years ago
Posted: 16 Jul 2017 23:20 EDT
Rincy Rappai (RINCYRAPPAI)
PEGA
Principal Software Engineer DevSecOps, Application Security
Pegasystems Inc.
IN

Hello Sateesh, 

Thanks for posting your query in PSC :)

I understand you are seeing the reported behavior by clicking on browser's back button. How about disabling the browser's back button?

Refer this post regarding this option. Is this feasible at your end?

Regards,

Rincy

 

To see attachments, please log in.
Posted: 7 years ago
Posted: 17 Jul 2017 2:25 EDT
SATEESH YENNAM (S_Yennam)
Virtusa Corporation
Senior System Architect
Virtusa Corporation
US

Thanks for your response.

Is disabling browser button only option ?

Basically, If different user login, then pega will generate new connection and requestor. So new requestor should not have access to old transaction. This is working fine in 7.1. We have this issue only after upgrading it to Pega 7.2.2 (CSHC 7.21)

May be this is happening due to browser cache or something else. I hope there should be a way to handle this.. Can't we ?

 

Thanks

Sateesh Yennam

To see attachments, please log in.
Posted: 7 years ago
Posted: 18 Jul 2017 4:29 EDT
SATEESH YENNAM (S_Yennam)
Virtusa Corporation
Senior System Architect
Virtusa Corporation
US

Hi, Thanks for your Reply.

So do we need to change something from server side to achieve this ?

Can't we handle this from Pega ?

Thanks

Sateesh Yennam

To see attachments, please log in.
Posted: 7 years ago
Posted: 24 Jul 2017 3:21 EDT
SATEESH YENNAM (S_Yennam)
Virtusa Corporation
Senior System Architect
Virtusa Corporation
US

Can anyone please respond on this.

While I traced this issue in Pega 7.1 after clicking on back button, pyActivity=ReloadSection. where as after upgrade to 7.2 its reffering as [email protected] 

I have attached primary page QueryParams and tracer differences. Please check the screenshots attached and suggest on this.

To see attachments, please log in.

We'd prefer it if you saw us at our best.

Pega Collaboration Center has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice