|Applies To||RSA Authentication Agent 5.3 for Web for Microsoft IIS|
|Issue||How to clear RSA Authentication Agent for Web's cookie to force re-authentication|
Cannot invalidate RSA Authentication Agent for Web's cookie with the following ASP code:
document.cookie ="rsa-local=" + escape("") + ";expires=Fri, 31 Dec 1999 23:59:59 GMT;"
|Cause||RSA Authentication Agent for Web cookie is a session cookie (non-persistent), so the above technique does not apply. The only way to invalidate the cookie short of closing the web browser is to use the logoff URL as specified in the RSA Authentication Agent 5.3 for Web for Microsoft Internet Information Services (IIS) Installation and Configuration Guide.|
|Resolution||One way to clear RSA Authentication Agent for Web's cookie without user intervention is to force execution of a page that uses the Refresh tag to immediately execute a URL as shown below. On some web page, use the following code:|
Then RSAlogoff.asp looks like the following:
<HEAD><TITLE> RSA Logoff </TITLE>
<META HTTP-EQUIV="Refresh" CONTENT="0;URL=http://<hostname>/webid/IISWebAgentIF.dll?logoff">
This immediately executes the Agent logoff function.
|Legacy Article ID||a31046|