Hi all,
does anybody know if there is an option to invalidate the WebSEAL Session from a mapping rule? We use a unauthenticated session to register new users and store a couple of fields within the session for editing and other workflow issues. The problem is that due to session is valid the html form automatically is filled with the former filled in values (which works like ist should as long as the user didn't push register now). If there is no Option like that (couldn't find anything I the java doc) I could still empty all the values but guess destroying the session would be better.

-Jens

------------------------------
Jens Petersen
------------------------------

I apologize Jens but the email from IBM community blog/nor did the URL community blog Website mention the version of IBM Security Access Manager you were utilizing.

Yvonne

------------------------------
Yvonne R. McGinnis
DevOps (hopeful), Systems Administration
Obama Foundation, Chicago
Chicago Cato, Illinois
773-886-5579
------------------------------

Original Message:
Sent: Thu January 14, 2021 10:19 AM
From: Jens Petersen
Subject: destroy session

Hi all,
does anybody know if there is an option to invalidate the WebSEAL Session from a mapping rule? We use a unauthenticated session to register new users and store a couple of fields within the session for editing and other workflow issues. The problem is that due to session is valid the html form automatically is filled with the former filled in values (which works like ist should as long as the user didn't push register now). If there is no Option like that (couldn't find anything I the java doc) I could still empty all the values but guess destroying the session would be better.

-Jens

------------------------------
Jens Petersen
------------------------------

Hello Yvonne,
it's 10.0.1 but it'll be the same with earlier releases. 

as mentioned, if you are using the session object for storing variables those are available until the session is destroyed. And that Leads in this case to a prefilled form even if the INFOMAP was successfully finished. at least as long as the Browser is not closed or a new incognito window is used, because of the session cookie  

------------------------------
Jens Petersen
------------------------------

Original Message:
Sent: Fri January 15, 2021 06:52 PM
From: Yvonne McGinnis
Subject: destroy session

I apologize Jens but the email from IBM community blog/nor did the URL community blog Website mention the version of IBM Security Access Manager you were utilizing.

Yvonne

------------------------------
Yvonne R. McGinnis
DevOps (hopeful), Systems Administration
Obama Foundation, Chicago
Chicago Cato, Illinois
773-886-5579

Original Message:
Sent: Thu January 14, 2021 10:19 AM
From: Jens Petersen
Subject: destroy session

Hi all,
does anybody know if there is an option to invalidate the WebSEAL Session from a mapping rule? We use a unauthenticated session to register new users and store a couple of fields within the session for editing and other workflow issues. The problem is that due to session is valid the html form automatically is filled with the former filled in values (which works like ist should as long as the user didn't push register now). If there is no Option like that (couldn't find anything I the java doc) I could still empty all the values but guess destroying the session would be better.

-Jens

------------------------------
Jens Petersen
------------------------------