How To: Expire Cookie from Browser when using Logout Task in Sentry

There are many SSO use cases in which Sentry sets FSSESSION cookies on a user's web browser. These cookies can later be logged out via the Logout task in Sentry. Administrators may also want the FSSESSION cookie removed from the browser at the time it is logged out.

 

When the Sentry Logout task is used, the FSSESSION cookie is no longer valid and will be rejected by Sentry. However, browsers still hold onto this cookie until the session is cleared or the cookie is manually removed.

Sentry can return a Set-Cookie header back to the browser for the specific cookie, with an expiry date set in the past, to force the browser to remove the FSSESSION cookie immediately.

 

To do this, use a "Map Attributes and Headers" task in the same task list as the Logout task.

 

The "Map Attributes and Headers" task should have 3 mappings:

 

1. Capture the incoming FSSESSION cookie value. This must be returned with the Set-Cookie response header so the browser knows which cookie to delete.

Mapping #1 

Source Type: Cookie
Source Name: FSSESSION
Target Type: Template
Target Name: {current_cookie}

 

2. Capture the incoming domain from the host header on the incoming request, then use that value in the Set-Cookie response that removes the cookie from the browser.

Mapping #2

Source Type: Request Header
Source Name: Host
Target Type: Template
Target Name: {host}.{domain}:{port}

 

3. Map the templates into the Set-Cookie response header to be returned to the browser. 

Mapping #3

Source Type: Template
Source Name: FSSESSION={current_cookie}; Expires=Thu, 01-Jan-1970 00:00:01 GMT; Path=/; Domain=.{domain};
Target Type: Response Header
Target Name: Set-Cookie

 

The "Map Attributes and Headers" task should look like this:

[Screenshot: MapHandA_setCookie.JPG]
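To confirm the logout response will actually clear the cookie, the Set-Cookie value produced by Mapping #3 can be checked against the cookie's name, Domain and Path and for an Expires date in the past. The Python below is an added example, not part of Sentry or of the original article; the function names, example.com and the sample header values are assumptions constructed for illustration, and only Expires is checked, as in the template above.

```python
import time
from http.cookiejar import http2time  # lenient HTTP date parser from the standard library

def parse_set_cookie(header):
    """Split a Set-Cookie value into (name, value, attrs); attribute names are lower-cased."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs

def removal_problems(header, name, domain, path="/", now=None):
    """List the reasons `header` would not expire the cookie (name, domain, path); [] means it will."""
    now = time.time() if now is None else now
    got_name, _, attrs = parse_set_cookie(header)
    problems = []
    if got_name != name:
        problems.append("name mismatch")
    # A leading dot in Domain is ignored by browsers (RFC 6265), so compare without it.
    if attrs.get("domain", "").lstrip(".").lower() != domain.lstrip(".").lower():
        problems.append("domain mismatch")
    if attrs.get("path", "") != path:
        problems.append("path mismatch")
    expires = http2time(attrs.get("expires", ""))  # None when missing or unparseable
    if expires is None or expires >= now:
        problems.append("expiry not in the past")
    return problems

# Constructed sample headers; example.com and the cookie value are placeholders.
GOOD = "FSSESSION=abc123; Expires=Thu, 01-Jan-1970 00:00:01 GMT; Path=/; Domain=.example.com;"
# What the header looks like if the port from the Host header ends up in Domain.
PORT_IN_DOMAIN = "FSSESSION=abc123; Expires=Thu, 01-Jan-1970 00:00:01 GMT; Path=/; Domain=.example.com:8443;"
NOT_EXPIRED = "FSSESSION=abc123; Expires=Fri, 01-Jan-2100 00:00:00 GMT; Path=/; Domain=.example.com;"

if __name__ == "__main__":
    for label, hdr in [("good", GOOD), ("port in domain", PORT_IN_DOMAIN), ("not expired", NOT_EXPIRED)]:
        print(label, "->", removal_problems(hdr, "FSSESSION", "example.com") or "cookie will be removed")
```

Pass the Domain and Path that the FSSESSION cookie was originally issued with; a non-empty result means the browser would keep the cookie after logout.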

 
