cancel
Showing results for 
Search instead for 
Did you mean: 
stackover
Level 7

How to manually logout a user or best way to change sessions

Hi folks.

What is the best practice for this scenario?

An user log in a machine and starts to browser. At this time this user is authenticated and his session is about 600 seconds. If after this user login and logout and other user log in this machine the last user session is still active. I want to change the authentication to this other user.

What is the best practice? What is the way to do this?  Today I have to wait this 600 seconds until change the session. I dont want to decrease this value unless there is a way to force logout of this user manually in MWG.

Regards,

Andre Lima

0 Kudos
2 Replies
sroering
Level 13

Re: How to manually logout a user or best way to change sessions

That is a limitation of the deployment method you are using.  There have been attempts to try and make a "logout" button, but I believe they have typically failed or never worked completely.

0 Kudos
amart
Level 9

Re: How to manually logout a user or best way to change sessions

Authentication session can be destroyed by setting user name to some predefined value like "-".

Proxy logic:

1. Try to authenticate user. Action: continue.

2. If user name is "-" and URL is logout page, e.g. http://logout then Action: Block with custom logout template.

3. If user is not authenticated or URL is logout page then Action: Authenticate

Authentication server logic:

1. If URL.Redirect is logout page

Set Authentication.IsAuthenticated to true

Set Authentication.UserName to "-"

Action: Redirect back from authentication server

2. Do normal authentication with login page/proxy auth.

User1 accesses http://logout before he leaves, as the result his session it overwritten and user name is set to "-". When User2 calls any URL proxy detects invalid session and forces authetnication.

0 Kudos