Microsoft SharePoint 2013 and SharePoint 2016 server

We can modify the JavaScript on the Microsoft SharePoint 2013 and SharePoint 2016 server so that Internet Explorer and Microsoft Office can share the same session when accessing a SharePoint resource.

To achieve session sharing with Microsoft SharePoint server, the SharePoint administrator must determine when to create the persistent session cookie for sharing sessions. The goal is to request the pkmstempsession management page immediately before the context switch for the requested resource.

SharePoint does not send any notification to WebSEAL before this context switch. However, we can create a custom JavaScript file on the SharePoint server that automatically sends an Ajax request to WebSEAL before the requested resource is accessed. This Ajax HTTP request can collect the session cookie for the temporary session cache. You must configure SharePoint to use this custom JavaScript file instead of core.js. Do not directly update the core.js file on the SharePoint Server. Updating this file directly is not a supported SharePoint modification. Instead, create a custom JavaScript file and custom master page to override the required functions of core.js. Use the custom master page to configure your site collections to use these updated JavaScript functions.

Figure 1. Sharing WebSEAL sessions with Microsoft SharePoint server

Figure 1 illustrates the temporary session cache sequence of operations.

  1. When WebSEAL starts, it initializes the temporary cache.
  2. The client authenticates to the WebSEAL server.
  3. The client sends a request for a SharePoint resource.
  4. SharePoint sends a response back to the client that includes JavaScript (customcore.js).
  5. Before sending the SharePoint resource request, the updated JavaScript sends an Ajax HTTP request for /pkmstempsession.
  6. WebSEAL adds an entry for the session in the temporary cache.
  7. WebSEAL sets a short-lived cookie with the session information.
  8. WebSEAL adds the short-lived cookie to the response that is returned to the client browser.
  9. The client switches context to MS Office/ActiveX and the application uses the GET method to send the SharePoint document request.
  10. WebSEAL retrieves the session information from the temporary cache and then deletes the entry so the cookie cannot be used again.
  11. WebSEAL fetches the requested resource from the SharePoint server.
  12. WebSEAL returns the document to the client with the session cookie set.
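
The single-use behaviour of steps 6 to 10, modelled as an added example; this is not WebSEAL code and not code from the original page. The class name, the random token format, the cache-side expiry check and the 5-second lifetime are assumptions made for illustration.

```javascript
// Model of a temporary session cache: issue a token, redeem it once.
const { randomBytes } = require("node:crypto");

class TempSessionCache {
  constructor(lifetimeMs, now = Date.now) {
    this.lifetimeMs = lifetimeMs; // assumed lifetime of the short-lived cookie
    this.now = now;               // injectable clock so expiry can be exercised
    this.entries = new Map();     // token -> { sessionId, expiresAt }
  }

  // Steps 6-8: handle an authenticated GET /pkmstempsession.
  issue(sessionId) {
    const token = randomBytes(32).toString("hex"); // unguessable cookie value
    this.entries.set(token, { sessionId, expiresAt: this.now() + this.lifetimeMs });
    return token;
  }

  // Step 10: the Office application presents the cookie on its GET request.
  redeem(token) {
    const entry = this.entries.get(token);
    if (!entry) return null;                       // unknown or already used
    this.entries.delete(token);                    // delete first: one use only
    if (this.now() > entry.expiresAt) return null; // too late, entry is gone anyway
    return entry.sessionId;
  }
}

// Constructed walk-through of the sequence, driven by a fake clock.
function demo() {
  let clock = 0;
  const cache = new TempSessionCache(5000, () => clock);

  const t1 = cache.issue("session-A"); // browser's Ajax request
  clock += 1000;
  const first = cache.redeem(t1);      // Office's document request
  const replay = cache.redeem(t1);     // same cookie presented a second time

  const t2 = cache.issue("session-A");
  clock += 6000;                       // context switch outlived the cookie
  const late = cache.redeem(t2);

  const forged = cache.redeem("00".repeat(32)); // value never issued
  return { first, replay, late, forged, remaining: cache.entries.size };
}

console.log(demo());
```

Only the first redemption returns the session; the replayed, expired and never-issued values all yield `null`, and no entries remain in the cache afterwards.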

Steps

  1. Copy the core.js file. Paste the copy into the folder containing the core.js file and rename it as customcore.js. In a default SharePoint 2013 and SharePoint 2016 installation, we can find the core.js file at:

      C:\Program Files\Common Files\Microsoft Shared\web server extensions\12\
      TEMPLATE\LAYOUTS\core.js

  2. Open the custom JavaScript file (customcore.js) for editing.

  3. We must modify the JavaScript to make an out-of-band Ajax HTTP request to the /pkmstempsession page. Add the following JavaScript to any link that opens the Office document using the ActiveX controls. In particular, add the new JavaScript at the beginning of the following functions in the customcore.js file on the SharePoint Server:

    • function DispEx(...)
    • function createNewDocumentWithProgIDCore(...)

    Remove all of the other JavaScript functions from customcore.js so that it contains only the functions that are being overridden. Deleting the functions that are not needed improves processing efficiency.

    Example JavaScript

    var cookieRequest = false;
    try {
        // Standard XMLHttpRequest object
        cookieRequest = new XMLHttpRequest();
    } catch (trymicrosoft) {
        try {
            // Fall back to the ActiveX implementations
            cookieRequest = new ActiveXObject("Msxml2.XMLHTTP");
        } catch (othermicrosoft) {
            try {
                cookieRequest = new ActiveXObject("Microsoft.XMLHTTP");
            } catch (failed) {
                cookieRequest = false;
            }
        }
    }
    if (cookieRequest) {
        var url = "/pkmstempsession";
        // Synchronous request (third argument false): the cookie must be
        // collected before the context switch to the Office application
        cookieRequest.open("GET", url, false);
        cookieRequest.send(null);
        if (cookieRequest.status != 200) {
            alert("ERROR: Single-Signon Cookie Request Failed!,Application may not load Document");
        }
    }

  4. If we are using the default.master page as the master page in the SharePoint site, make a copy of the default.master page. Rename the copy as custom.master. In a default SharePoint 2013 and SharePoint 2016 installation, we can find the default.master file at:

      C:\Program Files\Common Files\Microsoft Shared\web server extensions\12\
      TEMPLATE\GLOBAL\default.master

  5. In the custom.master page, add a line to use the customcore.js file. Insert this new entry immediately after the existing entry that references core.js as follows:

    <SharePoint:ScriptLink language="javascript" name="core.js" Defer="true" runat="server"/>
    <SharePoint:ScriptLink language="javascript" name="customcore.js" Defer="true" runat="server"/>

    We must keep a reference to the original core.js file in this custom master page. We must set the Defer="true" property to override the original core.js file.

  6. Save the custom.master page and upload it to the master pages gallery of the site.

  7. Set the custom.master page as the default master page for the site:

    1. Log in to your site in SharePoint.
    2. Go to Site Action > Site Settings > Modify All Site Settings > Look and Feel > Master Page.

    3. Select Specify a master page to be used by this site and all sites that inherit from it.

    4. Select custom.master from the drop-down list.

The Defer="true" setting specifies the load order of the SharePoint functions. Including two entries with Defer="true" effectively merges the JavaScript files together. The entry for the customcore.js file is included in the master page source after the entry for the core.js file because SharePoint runs the deferred scripts in order. SharePoint runs core.js first, followed by the overriding customcore.js script. Be aware of the following considerations if we use custom JavaScript functions to override core.js:
