Resetting the junction cookie for multiple -j junctions (onfocus)
In environments where multiple instances of a single client access multiple -j junctions simultaneously, the most recent IV_JCT cookie created by the JavaScript may erroneously refer to a different junction than the one being currently accessed. In such a situation, WebSEAL receives the wrong junction information and fails to correctly resolve links.
For example, consider a scenario where a user has two browser windows open, each pointing to one of two junctions, jctA and jctB. Both junctions were created with the -j junction option.
Steps
- In the first browser window, the user requests a page from an application server located on jctA.
The IV_JCT cookie for jctA is set in the browser.
- The user then leaves the first browser window open, switches to the other browser window, and requests a page from an application server located on jctB.
The IV_JCT cookie for jctB is set in the browser (replacing jctA).
- If the user then returns to the first browser window and clicks links to resources located on jctA, the wrong IV_JCT cookie is sent to WebSEAL.
To eliminate this problem, we can configure WebSEAL to use the onfocus event handler in the JavaScript. The onfocus handler resets the IV_JCT cookie whenever users switch the browser focus from one window to another.
To use the JavaScript onfocus event handler, add the -J option with the onfocus argument when creating the -j junction. For example (command line fragment):
pdadmin> server task instance-webseald-host create ... -j -J onfocus ...If we create a junction using the onfocus argument, it is best practise to use the trailer argument as well. The trailer argument ensures the JavaScript inserted by WebSEAL does not interfere with the rendering of HTML frame sets. Use a comma character (,) and no spaces between the two arguments. For example (command line fragment):
pdadmin> server task instance-webseald-host create ... -j -J trailer,onfocus ...See also Appending the junction cookie JavaScript block (trailer).
If compliance with HTML 4.01 and XHTML 1.0 specifications is required, see Inserting an XHTML 1.0 compliant JavaScript block (xhtml10). No error message is provided if the arguments specified for the -J option are invalid. If the -J junction option does not perform as expected, make sure we are providing the correct argument.
Parent topic: Control on the junction cookie JavaScript block