You can modify the JavaScript™ on the Microsoft™ SharePoint 2013 and
SharePoint 2016 server so that Internet Explorer and Microsoft Office can share the same session
when accessing a SharePoint resource.
About this task
To achieve session sharing with Microsoft SharePoint server, the SharePoint
administrator must determine when to create the persistent session
cookie for sharing sessions. The goal is to request the pkmstempsession management
page immediately before the context switch for the requested resource.
SharePoint
does not send any notification to WebSEAL before this context switch.
However, you can create a custom JavaScript file
on the SharePoint server, to automatically send an Ajax request to
WebSEAL before accessing the requested resource. This Ajax HTTP request
can collect the session cookie for the temporary session cache. You
must configure SharePoint to use this custom JavaScript file instead of core.js.
Note: Do
not directly update the core.js file on the SharePoint
Server. Updating this file directly is not a supported SharePoint
modification. Instead, create a custom JavaScript file and custom master page
to override the required functions of core.js.
Use the custom master page to configure your site collections to use
these updated JavaScript functions.
Figure 1. Sharing WebSEAL sessions with Microsoft SharePoint server
Figure 1 illustrates
the temporary session cache sequence of operations.
When WebSEAL starts, it initializes the temporary cache.
The client authenticates to the WebSEAL server.
The client sends a request for a SharePoint resource.
SharePoint sends a response back to the client that includes JavaScript (customcore.js).
Before sending the SharePoint resource request, the updated JavaScript sends an Ajax HTTP
request for /pkmstempsession.
WebSEAL adds an entry for the session in the temporary cache.
WebSEAL sets a short-lived cookie with the session
information.
WebSEAL adds the short-lived cookie to the response
that is returned to the client browser.
The client switches context to MS Office/ActiveX and the application
uses the GET method to send the SharePoint document request.
WebSEAL retrieves the session information from the temporary cache
and then deletes the entry so that the cookie cannot be used again.
WebSEAL fetches the requested resource from the SharePoint server.
WebSEAL returns the document to the client with the session cookie
set.
Procedure
Copy the core.js file. Paste the copy
into the folder that contains the core.js file
and rename it as customcore.js.
In a default SharePoint 2013 and SharePoint 2016 installation, you can find the
core.js file at:
C:\Program Files\Common Files\Microsoft Shared\web server extensions\12\
TEMPLATE\LAYOUTS\core.js
Open the custom JavaScript file
(customcore.js) for editing.
You must modify the JavaScript to
make an out of band Ajax HTTP request to the /pkmstempsession page.
Add the following JavaScript to
any link that opens the Office Document by using the ActiveX Controls.
In particular, add the new JavaScript at
the beginning of the following functions in the customcore.js file
on the SharePoint Server:
function DispEx(...)
function createNewDocumentWithProgIDCore(...)
Note: Remove all of the other JavaScript functions from customcore.js so
that it contains only the functions that are being overridden. Deleting
the functions that are not needed improves processing efficiency.
Example JavaScript
var cookieRequest = false;
try {
cookieRequest = new XMLHttpRequest();
}
catch (trymicrosoft) {
try {
cookieRequest = new ActiveXObject("Msxml2.XMLHTTP");
} catch (othermicrosoft) {
try {
cookieRequest = new ActiveXObject("Microsoft.XMLHTTP");
} catch (failed) {
cookieRequest = false;
}
}
}
if (cookieRequest) {
var url = "/pkmstempsession";
cookieRequest.open("GET", url, false);
cookieRequest.send(null);
if (cookieRequest.status != 200){
alert("ERROR: Single-Signon Cookie Request Failed!,Application may not load Document");
}
}
If you are using the default.master page
as the master page in your SharePoint site, make a copy of the default.master page.
Rename the copy as custom.master.
In a default SharePoint 2013 and SharePoint 2016 installation, you can find the
default.master file at:
C:\Program Files\Common Files\Microsoft Shared\web server extensions\12\
TEMPLATE\GLOBAL\default.master
In the custom.master page, add a line
to use the customcore.js file. Insert this new
entry immediately after the existing entry that references core.js as
follows:
Note: You must keep a reference to
the original core.js file in this custom master
page. You must set the Defer="true" property
to override the original core.js file.
Save the custom.master page and upload
it to the master pages gallery of the site.
Set the custom.master page
as the default master page for the site:
Log in to your site in SharePoint.
Go to Site Action > Site
Settings > Modify All Site Settings > Look and Feel > Master Page.
Select Specify a master page to be used by this site
and all sites that inherit from it.
Select custom.master from the drop-down
list.
Results
The Defer="true" setting specifies the
load order of the SharePoint functions. Including two entries with Defer="true" effectively
merges the JavaScript files
together. The entry for the customcore.js file
is included in the master page source after the entry for the core.js file
because SharePoint runs the deferred scripts in order. SharePoint
runs core.js first, followed by the overriding customcore.js script.
Note: Be
aware of the following considerations if you use custom JavaScript functions to override core.js:
To minimize the amount of script that is transmitted during processing,
keep only the methods that you want to customize in the customcore.js file.
If you upgrade the SharePoint product or install a patch, review
your custom scripts against the updated core.js to
ensure that the override scripts are still applicable.
