000022721 - How to clear RSA Authentication Agent for Web's cookie to force re-authentication

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000022721
Applies ToRSA Authentication Agent 5.3 for Web for Microsoft IIS
IssueHow to clear RSA Authentication Agent for Web's cookie to force re-authentication
Cannot invalidate RSA Authentication Agent for Web's cookie with the following ASP code:

document.cookie ="rsa-local=" + escape("") + ";expires=Fri, 31 Dec 1999 23:59:59 GMT;"
CauseRSA Authentication Agent for Web cookie is a session cookie (non-persistent), so the above technique does not apply. The only way to invalidate the cookie short of closing the web browser is to use the logoff URL as specified in the RSA Authentication Agent 5.3 for Web for Microsoft Internet Information Services (IIS) Installation and Configuration Guide.
ResolutionOne way to clear RSA Authentication Agent for Web's cookie without user intervention is to force execution of a page that uses the Refresh tag to immediately execute a URL as shown below. On some web page, use the following code:

<%

Server.Execute("RSAlogoff.asp")

%>

Then RSAlogoff.asp looks like the following:

<HTML>

<HEAD><TITLE> RSA Logoff </TITLE>

<META HTTP-EQUIV="Refresh" CONTENT="0;URL=http://<hostname>/webid/IISWebAgentIF.dll?logoff">

</HEAD>

This immediately executes the Agent logoff function.
Legacy Article IDa31046

Attachments

    Outcomes