When using other systems that are integrated with SAP Fiori launchpad, after logging out, an open browser window may still contain session cookies. A user who has access to the open browser window can access these systems without having to authenticate. SAP Web Dispatcher logout rules are used with a custom logout page to make sure that all system sessions are closed when logging out of SAP Fiori launchpad.
Such a rule leading to a login may look as follows for the scenario where SAP Gateway is not on the front-end server in the SAP Web Dispatcher profile file sapwebdisp.pfl:
wdisp/system_<rule number> = SID=<Gateway System ID>, EXTSRV=https://<server host and port>, SRCSRV=*:<Fiori Launchpad port>, SRCURL=/sap/opu/odata/
if %{PATH} regimatch ;o=<Gateway System ID> SetHeader x-sap-webdisp-target-sid <Gateway System ID> [break]
Replace <Gateway System ID> by the system ID (SID) of your SAP Gateway system.
icm/HTTP/mod_<number> = PREFIX=/,FILE=modification_rule.txt
wdisp/system_<number> = SID=<HANA System ID>, EXTSRV=https://<server host and port>, SRCSRV=*:<Fiori Launchpad port>, SRCURL=/sap/bi/;/sap/hana/;/sap/ui5/;/sap/vi/;/sap/viz/
if %{PATH} regimatch ;o=<HANA System ID> SetHeader x-sap-webdisp-target-sid <HANA System ID> [break]
Replace <HANA System ID> by the system ID (SID) of your SAP HANA system.