2 Replies Latest reply on Oct 4, 2013 6:16 AM by amart

    How to manually logout a user or best way to change sessions

    Andre Lima

      Hi folks.

       

      What is the best practice for this scenario?

       

       

      A user logs in to a machine and starts to browse. At this time this user is authenticated and his session lasts about 600 seconds. If this user then logs out and another user logs in to this machine, the last user's session is still active. I want to change the authentication to this other user.

       

      What is the best practice? What is the way to do this? Today I have to wait these 600 seconds until the session changes. I don't want to decrease this value unless there is a way to force a logout of this user manually in MWG.

       

      Regards,

       

      Andre Lima

        • 1. Re: How to manually logout a user or best way to change sessions
          sroering

          That is a limitation of the deployment method you are using.  There have been attempts to try and make a "logout" button, but I believe they have typically failed or never worked completely.

          • 2. Re: How to manually logout a user or best way to change sessions

            The authentication session can be destroyed by setting the user name to some predefined value like "-".

             

            Proxy logic:

            1. Try to authenticate user. Action: continue.

            2. If user name is "-" and URL is logout page, e.g. http://logout then Action: Block with custom logout template.

            3. If user is not authenticated or URL is logout page then Action: Authenticate

             

            Authentication server logic:

            1. If URL.Redirect is logout page:

               Set Authentication.IsAuthenticated to true

               Set Authentication.UserName to "-"

               Action: Redirect back from authentication server

            2. Do normal authentication with login page/proxy auth.

             

            User1 accesses http://logout before he leaves; as a result his session is overwritten and the user name is set to "-". When User2 calls any URL, the proxy detects an invalid session and forces authentication.
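
The rule flow described in reply 2, modelled as an added Python sketch that is not part of the original thread and is not MWG rule syntax. It assumes sessions are keyed by client IP, that a user name of "-" counts as not authenticated in proxy step 3, and uses a constructed credentials table; the class and function names are hypothetical.

```python
import time

LOGOUT_URL = "http://logout"   # logout page from the post
SENTINEL = "-"                 # predefined "logged out" user name from the post
SESSION_TTL = 600              # seconds, from the question

class Proxy:
    def __init__(self, credentials, clock=time.monotonic):
        self.credentials = credentials   # constructed user -> password table
        self.sessions = {}               # assumption: client IP -> (user, expiry)
        self.clock = clock

    def session_user(self, ip):
        # Proxy step 1: try to authenticate from the session table, then continue.
        user, expiry = self.sessions.get(ip, (None, 0))
        return user if expiry > self.clock() else None

    def auth_server(self, ip, url, login):
        if url == LOGOUT_URL:
            user = SENTINEL              # server step 1: overwrite the session
        elif login and self.credentials.get(login[0]) == login[1]:
            user = login[0]              # server step 2: normal authentication
        else:
            return False
        self.sessions[ip] = (user, self.clock() + SESSION_TTL)
        return True

    def request(self, ip, url, login=None):
        user = self.session_user(ip)
        # Proxy step 2: sentinel user on the logout page gets the logout template.
        if user == SENTINEL and url == LOGOUT_URL:
            return "BLOCK logout-template"
        # Proxy step 3: not authenticated (assumption: "-" counts as not
        # authenticated) or logout page -> send to the authentication server.
        if user in (None, SENTINEL) or url == LOGOUT_URL:
            if not self.auth_server(ip, url, login):
                return "AUTH-REQUIRED"
            return self.request(ip, url)  # redirect back; rules run again
        return f"ALLOW as {user}"

def demo():
    p, ip, site = Proxy({"user1": "pw1", "user2": "pw2"}), "10.0.0.5", "http://example.com/"
    return [p.request(ip, site, ("user1", "pw1")),  # User1 logs in
            p.request(ip, site),                    # next request reuses the session
            p.request(ip, LOGOUT_URL),              # User1 opens the logout page
            p.request(ip, site),                    # User2 is forced to authenticate
            p.request(ip, site, ("user2", "pw2"))]

if __name__ == "__main__":
    print(demo())
```

The second entry of `demo()` is the behaviour from the original question: without the logout step, whoever uses the machine next is treated as user1 until the 600 seconds run out.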