As of December 1, 2020, Focal Point is retired and repurposed as a reference repository. We value the wealth of knowledge that's been shared here over the years. You'll continue to have access to this treasure trove of knowledge, for search purposes only.

[Resolved]Security in BI dashboard
 
Member
posted
Hello,
I am new to Managed Reporting (MR) and Dashboard (DB).

I am trying to configure MR and Dashboard to publish various views.

One thing that is not clear to me is how I can make sure that only authenticated and authorized users access the reports we publish over the dashboard.
I have configured
LDAP (external) for Authentication
MR for authorization

With this, if I click on any report under 'Standard reports' within Domains in the dashboard, I get a new IE window and the report is displayed.
My problem starts from here: if I copy the URL, then even though I log off from the dashboard, I can still see the report by pasting the copied URL in a new browser.

Even if not in a new window (I mean if we show the report without opening a new window), I can still right-click and see the HTTP URL address under 'Properties'.

With this we breach both authentication and authorization configured.

I hope my problem is understood, and I request someone to help me with this.

I guess there must be some setting not to show the full path in URL or we should not be able to see the report after logoff.

Thanks in advance,
Prashanth
(PS: We use WebFOCUS 7.6.8 on Windows Server; Apache Tomcat is configured as both the WWW and application server)



Webfocus 7.6.8
Windows 2003
Excel, HTML, PDF
 
Posts: 9 | Registered: June 15, 2010
Member
posted
Prashanth -
Managed Reporting keeps track of your session by sending a cookie to your browser. It appears that after you log off, this cookie still persists. So, even after closing the browser and re-opening, pasting the URL sends the cookie to the MR server, since the browser still has it, and since the session is still alive, executes the request.
To prove this, clear your browser history, then try pasting the URL again. It will not work. Keep in mind that the cookie is on your computer, so even if you send the URL to a co-worker, they will not be able to run it (unless they have an active session & cookie to WF with rights to that fex). Also, cookies are generally not shared across browsers. I have IE8 and Firefox. If I log into IE8, and paste the URL into Firefox, it won't go. Finally, cookies and sessions expire. I don't know offhand what the default is for MR, but I bet that if you keep a URL you ran today, go home for the weekend, and try it Monday (without logging on), it'd *likely* tell you you need to log in.

*Above Concepts Tested in IE8

Hope this helps,
Chris


Version 7.6.10
Windows 7 Pro
all output
 
Posts: 18 | Registered: May 20, 2010
Member
posted
Thanks a ton Chris.

Yes, it just worked as you have mentioned.

Now, I am looking for a setting, if any, to remove these cookies upon logoff.

Any suggestion on this is highly appreciated.

Thanks again,
Prashanth


Webfocus 7.6.8
Windows 2003
Excel, HTML, PDF
 
Posts: 9 | Registered: June 15, 2010
Member
posted
Hello Chris,

At last I found the setting to overcome this issue.
This is to do with browser cache.
I changed the 'CACHE_CONTROL' setting from PRIVATE to NO-CACHE.

Below is from the WebFOCUS security manual, FYI.


CACHE_CONTROL
An HTTP Header field that is used to specify how a browser should handle the caching of data in a request. Possible values are:

PRIVATE - The data in the response message is intended for only one user and should not be cached by a shared cache. This is the default value.

NO-CACHE - Browser caching is disabled. No files will be created on disk in the Temporary Internet Folder of the user.

Thanks for your help,
Prashanth


Webfocus 7.6.8
Windows 2003
Excel, HTML, PDF
 
Posts: 9 | Registered: June 15, 2010
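
Added example, not part of the thread and not WebFOCUS code: a small Python check that audits the two things discussed above, the `Cache-Control` value on a report response and whether the logoff response expires the session cookie. The header values are constructed samples and `MR_SESSION` is a placeholder cookie name; the classification follows generic HTTP semantics, where `no-cache` forces revalidation with the server and `no-store` forbids storing a copy at all.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

def cache_policy(cache_control):
    """Classify a Cache-Control value by what the browser may do with its copy."""
    directives = {d.strip().partition("=")[0].lower() for d in cache_control.split(",")}
    if "no-store" in directives:
        return "not-stored"      # nothing is written to the browser cache
    if "no-cache" in directives:
        return "revalidated"     # a stored copy must be checked with the server before reuse
    return "reusable"            # e.g. private: the user's own browser may store and reuse it

def cookie_deleted(set_cookie, name, now=None):
    """True if this Set-Cookie header tells the browser to drop cookie `name`."""
    now = now or datetime.now(timezone.utc)
    pair, *attrs = [p.strip() for p in set_cookie.split(";")]
    if pair.partition("=")[0] != name:
        return False
    for attr in attrs:
        key, _, val = attr.partition("=")
        key, val = key.strip().lower(), val.strip()
        if key == "max-age" and val.lstrip("-").isdigit() and int(val) <= 0:
            return True
        if key == "expires" and parsedate_to_datetime(val) <= now:
            return True
    return False

def audit_logoff(report_headers, logoff_set_cookies, session_cookie):
    """Return findings for a report response plus the logoff response that follows it."""
    findings = []
    if cache_policy(report_headers.get("Cache-Control", "")) == "reusable":
        findings.append("report may be redisplayed from the browser cache after logoff")
    if not any(cookie_deleted(c, session_cookie) for c in logoff_set_cookies):
        findings.append("logoff response does not expire the session cookie")
    return findings

# Constructed sample data; MR_SESSION is a placeholder, not the product's real cookie name.
BEFORE = audit_logoff({"Cache-Control": "private"}, [], "MR_SESSION")
AFTER = audit_logoff(
    {"Cache-Control": "no-cache"},
    ["MR_SESSION=deleted; Expires=Thu, 01 Jan 1970 00:00:00 GMT; Path=/"],
    "MR_SESSION",
)

if __name__ == "__main__":
    print("before:", BEFORE)
    print("after: ", AFTER)
```

Clearing the cookie in the browser is only half of a logoff; the server-side session also has to be invalidated, which response headers alone cannot show.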
Copyright © 1996-2020 Information Builders