Question Nikita Savchenko · Nov 5, 2016

How to log out from a web application?

Hello!

The question I have today is the following. Suppose I have this simple class describing the REST application:

Class Playground.Rest Extends %CSP.REST
{
XData UrlMap
{
<Routes>
   <Route Url="/index" Method="GET" Call="Index"/>
   <Route Url="/logout" Method="GET" Call="Logout"/>
</Routes>
}
ClassMethod Index() As %Status
{
    write "You're logged in as " _ $Username
    quit $$$OK
}
ClassMethod Logout() As %Status
{
    write "Bye, " _ $Username _ "!"
    do %session.Logout(1)
    quit $$$OK
}
}

And a web application itself with the password protection option enabled:

When I first come to the /playground/index page, Caché meets me with an authentication window asking me to enter my username and password. The next time I come to this page, it gently outputs the "You're logged in as _SYSTEM" message, as expected.

Talking about the /playground/logout page, I expect it to log me out and allow me to enter the web application as a different user. But this doesn't happen. Furthermore, I am wondering why clearing the browser's cache doesn't log me out either.

So is there a way to log me out from Caché web application, and what am I missing here? (related discussion on GitHub)

Cache 2017.2 for Windows (x64) as well as other versions, local installation, minimal security

Thank you!

Comments

Bernd Mueller · Nov 7, 2016

Hi Nikita,

Have you tried Set %session.EndSession=1 in your Logout()?

Regards,
Bernd

0
Nikita Savchenko · Nov 7, 2016 to Bernd Mueller

Hello Bernd,

Yes, I did:

ClassMethod Logout() As %Status
{
    write "Bye, " _ $Username _ "!"
    do %session.%SaveData()
    set %session.EndSession = 1
    do %session.Logout(1)
    quit $$$OK
}

I tried %SaveData as well, as the documentation says, and this doesn't work as expected either.

0
Bernd Mueller · Nov 7, 2016

How did you log in? Do you use URL name/value params or HTTP basic authentication with the first initial request?

Can you log/check %session.SessionId and %session.NewSession?

0
Nikita Savchenko · Nov 7, 2016 to Bernd Mueller

I did log in exactly as I described:

When I first come to the /playground/index page, Caché meets me with an authentication window asking me to enter my username and password.

The output of the log is the following:

You're logged in as _SYSTEM
SessionId = xH9mWezT2o, NewSession = 1

Thank you!

0
Bernd Mueller · Nov 7, 2016

I am using curl with basic-auth and this seems to work for me:

curl -v -u _SYSTEM:<password> http://localhost:<port>/playground/index


Every request results in a new session. The same goes for the logout request.

I assume that the client browser retains the first HTTP basic-auth credentials and reuses them for the second (logout) request as well.

If I skip the basic-auth in the curl request for the logout, I will get 401 Unauthorized, which is expected.

HTH,
Bernd

0
Tirthankar Bachhar · Nov 7, 2016

Can you try with any of the below, and let me know if that works.

Set %session.EndSession=1
Set %session.NewSession=1
 

0
Tirthankar Bachhar · Nov 7, 2016 to Tirthankar Bachhar

Started writing long back, but posted the same just now. But I see you have a solution from

0
Nikita Savchenko · Nov 7, 2016

Thanks to Bernd, I finally found that this is not unexpected behavior of Caché sessions; the reason is the browser's basic authentication cache.

To clear the browser's cache, here is one "dirty" solution for this: stackoverflow (and probably the only solution). The JavaScript function sends an authentication request with the wrong login/password to the server, which results in a 401 Unauthorized error. And this forces the browser to clear its cache.

0
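A model of what the thread concludes, as an added example that is not code from any post or from Caché: the server authenticates each request from its own Authorization header, so ending the session cannot log out a client that keeps resending cached credentials. The names `handle`, `BrowserModel` and `demo` and the sample password are constructed for illustration, and the rule that a 401 clears the cache is an assumption taken from the last post.

```javascript
// Constructed model (not Caché or browser source) of HTTP Basic auth logout.
const USERS = new Map([["_SYSTEM", "example-password"]]); // constructed account

// Server: each request is authenticated from its own Authorization header.
function handle(path, authorization) {
  const m = /^Basic (.+)$/.exec(authorization || "");
  const decoded = m ? Buffer.from(m[1], "base64").toString() : "";
  const i = decoded.indexOf(":"); // password may itself contain ':'
  const user = decoded.slice(0, i), pass = decoded.slice(i + 1);
  if (i < 0 || !USERS.has(user) || USERS.get(user) !== pass) {
    return { status: 401, body: "Unauthorized" };
  }
  // Ending the server-side session here cannot revoke what the client holds.
  if (path === "/logout") return { status: 200, body: `Bye, ${user}!` };
  return { status: 200, body: `You're logged in as ${user}` };
}

// Client: like a browser, remembers Basic credentials and resends them.
class BrowserModel {
  constructor() { this.cached = null; }
  // creds = credentials supplied explicitly (login prompt or script).
  request(path, creds) {
    if (creds) this.cached = creds;
    const header = this.cached
      ? "Basic " + Buffer.from(`${this.cached.user}:${this.cached.pass}`).toString("base64")
      : undefined;
    const res = handle(path, header);
    if (res.status === 401) this.cached = null; // assumption from the thread: 401 clears the cache
    return res;
  }
}

function demo() {
  const b = new BrowserModel();
  return [
    b.request("/index", { user: "_SYSTEM", pass: "example-password" }).body,
    b.request("/logout").body, // server ends the session
    b.request("/index").body,  // credentials resent: still logged in
    b.request("/index", { user: "logout", pass: "invalid" }).status, // forced 401
    b.request("/index").status, // nothing cached: browser would prompt again
  ];
}

console.log(demo());
```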