function readOnly(count){ }
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
+ Start a Discussion
1542VeMan1542VeMan 

logging out of an external site in iFrame, then redirecting user to another page

Our application logs the user into and opens a website in an iFrame in a Visualforce page. Our problem is that when the user leaves the iFrame page using a back button, or when closing the browser, he is still logged in to the external site. 

I'm attempting to use cascading actionFunctions, where the last one fires oncomplete of the first. 
 

<apex:page controller="iFramePageController" sidebar="false" >
   
    <apex:form >
        <apex:actionFunction action="{!logoutOfApp}" name="logoutOfApp" immediate="true" reRender="iFrame" oncomplete="return()">
            <apex:param assignTo="{!logout}" name="logoutSwitch" value="true"/>
        </apex:actionFunction>
        
         <apex:actionFunction action="{!Back}" name="return" />
       
         <apex:commandButton value="Back"  onclick="logoutOfApp()" />
       
    </apex:form>
    
    <apex:iframe src="{!iFrameUrl}" id="iFrame"/>
    
</apex:page>


Controller:
public class iFramePageController {
       
    private string retUrl;
    private string logoutURL = 'https://AppCompany.com/logout.jsp?submitOK=true';
    
    public PageReference Back() {
        
        return new pageReference(retURL).setRedirect(true);
    }

    public pageReference logoutOfApp(){
        return new PageReference(logoutURL);
    }

    public String getiFrameUrl() {
         if (logout)
              return logoutURL;
         else{
              ... lots of login code that initiates the iFrame
         }
    }


}
Clicking the Back button will call the logoutOfApp action function, which passes the true parameter to a boolean value, then refreshes the iFrame.

the getiFrameURL should now provide the logoutURL (since logout is now 'true') to the src value in the iFrame tag

Once the rerender is complete, I expected the 2nd function to be called Back(), which uses the retURL initially provided to the page to redirect the user back to that page. 

Currently this isn't working and the page basically refreshes with the iFrame intact. I was able to sucessfully call the logout function when using the onmouseover in the Back button, but it never made it to redirecting to the return page. 

The thought was that I could refresh the iFrame to the logout page, thus logging out the user, then get the user back to the original page ensuring that the user was truly logged out. 

Not sure why this isn't working. Any help much appreciated to get it working, or help kme understand why it either doesn't or cannot work would be appreciated. 

Thanks

VeMan


 
MithunPMithunP
Hi 1542VeMan,

If you want to logout from a site we should use logout.jsp like below iframe code.

For your case, just create a intermediate page with following code sample.

When you click Logout from your site just redirect to this intermediate page, this page will show some message (You have now logged out of the Site area) and logged out from site and redirect to external link (www.google.com) automatically.

So that if user clicks Back, they can't redirect to site again.
 
<apex:page showHeader="false" standardStylesheets="false">
    
   <meta http-equiv="refresh" content="2; url=http://www.google.com/support" />
      <div id="main">
                    <div>Logged Out</div>
                    <div>
                        <apex:outputPanel layout="block">
                            <apex:pagemessages />
                            <apex:iframe rendered="true" height="0%" width="0%" src="{!$Site.Prefix}/secur/logout.jsp"/>
                            <br />
                            <p>Thank you for using Site. <br />
                               You have now logged out of the Site area.</p>
                            <br />
                            <!-- <p>To access the site again, please <a href="{!$Site.Prefix}">login</a>.</p>
                            <br /> -->
                            <p>Visit home page at <a style="font-weight: bold;" href="http://www.google.com">www.google.com</a>.</p>
                        </apex:outputPanel>
           </div>
    </div> 
</apex:page>
Best Regards,
Mithun.
 
1542VeMan1542VeMan
Thanks for the reply!! Unfortunately, this function is connected to a 'Back' function that is supposed to redirect the user to the original Salesforce page. Adding an intermediate page to tell the user they have logged out, then requiring them to click again to get to the page they were trying to get back to won't work. 

Basically the issue is how to redirect the user to two different pageReferences in the same action - the logout page reference to the outside site in the iFrame, and the Salesforce tab (or Account/Opportunity detail) page they started from. 

I have implemented a solution that will work for a 'Back' button: I've built a very small iFrame (10x10 pixels) in the tab page and the embedded Visualforce page in the Account/Opportuntiy detail pages whose source value is the logout page with a parameter of 'submitButton=true'. What that means is that every time these pages are opened, the user sends a logout command to the outside site. Fortunately, the user should only be accessing the site via the Salesforce route anyway so that's not a problem.

I'm still not sure how to fire a logout when the user closes the browser. (If user goes to lunch, and someone opens a browser on that computer and goes to the domain, the SessionID is still valid and the nefarious second user can now cause all sorts of havoc in the first user's name). I suspect that the answer is some kind of Javascript function built on the close window function, but not quite hip enough on JS to figre it out yet. 

Any ideas on that??

Thanks again for your help!!