Menu
▾
▴
Re: [Exist-open] logout
|
From: Jay S. <thi...@gm...> - 2011-01-25 03:25:41
|
Hey all,
I've always used session:clear() to logout. I end up as guest when I do so.
BTW, I posted it hours ago, but replying never ever goes to the list!!
Who knows what nuggets we've lost? :-(
Jay
On Tue, Jan 25, 2011 at 1:32 PM, Joe Wicentowski <jo...@gm...> wrote:
> Andrew and Dan,
>
> Like Dan, my first thought was session:invalidate(), but it's also
> necessary to use xmldb:login() to login again -- this time as guest.
> You'll see this invalidate/re-login technique in action in the eXist
> Admin panel's "Logout" button (in EXIST_HOME/webapp/admin/admin.xql,
> lines 186-198):
>
> (: if we are already logged in, are we logging out - i.e. set
> permissions back to guest :)
> if(request:get-parameter("logout",()))then
> (
> let $null := xdb:login("/db", "guest", "guest")
> let $inval := session:invalidate()
>
> return false()
> )
> else
> (
> (: we are already logged in and we are not the guest user :)
> true()
> )
>
> So "logging out" can be accomplished by logging in as guest. Indeed,
> as the function docs for xmldb:login() indicate:
>
> "If called from a HTTP context the login is cached for the lifetime
> of the HTTP session and may be used for any XQuery run in that
> session."[1]
>
> In light of that, invalidating the session[2] after logging in as
> guest might appear to be unnecessary, since the guest login would be
> cached. But my guess is that we need to invalidate the session in
> order to invalidate other session cookies that might be set for the
> current session, and thereby free up memory. In any case, I think
> invalidating the session alone is not sufficient to "log out". This
> is because it's possible to login without creating a session (see the
> 2nd version of the xmldb:login() function, which has a 4th parameter
> which controls session creation). You could call session:invalidate()
> but still be logged in. So, let me try to sum up:
>
> ==> To logout, login as guest with xmldb:login(). In addition, if you
> are in an HTTP context, it is also necessary to invalidate the HTTP
> session with session:invalidate(). Warning: Invalidating the session
> without also logging in as guest is an inadequate way to logout if you
> are not in an HTTP context. Likewise, logging in as guest without
> invalidating the session in an HTTP context fails to free up memory,
> so it is recommended to invalidate the session as part of a logout
> routine in an HTTP context.
>
> I'd appreciate any corrections if I'm not entirely correct here.
>
> Cheers,
> Joe
>
> [1] http://demo.exist-db.org/exist/functions/xmldb/login
> [2] http://demo.exist-db.org/exist/functions/session/invalidate
>
>
> On Tue, Jan 25, 2011 at 1:54 AM, Dan McCreary <dan...@gm...> wrote:
>> This is a good question!
>>
>> It seems like if we had login we should logically also have a logout
>> function.
>>
>> I think that since the login is associated with a session that the
>> session:invalidate() function should have the same effect as logout. If I
>> recall correctly some of us that are building systems that need audit trails
>> have just wrapped invalidate() with a logout function that indicates if a
>> person clicked a button or if the session timed out due to inactivity.
>>
>> Seems like this might be a nice inclusion in a future release that has a
>> standardized set of login/logout event logging and reporting tools and
>> applications.
>>
>> - Dan
>>
>> On Mon, Jan 24, 2011 at 11:32 AM, Andrew Welch <and...@gm...>
>> wrote:
>>>
>>> Hi,
>>>
>>> Possibly a noob question, but what is the correct approach to log a
>>> user out? I can see xmldb:login, but no corresponding
>>> xmldb:logout...?
>>>
>>> I'm guessing, but does logging is as guest have the same effect?
>>>
>>> --
>>> Andrew Welch
>>> http://andrewjwelch.com
>>>
>>>
>>> ------------------------------------------------------------------------------
>>> Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)!
>>> Finally, a world-class log management solution at an even better
>>> price-free!
>>> Download using promo code Free_Logger_4_Dev2Dev. Offer expires
>>> February 28th, so secure your free ArcSight Logger TODAY!
>>> http://p.sf.net/sfu/arcsight-sfd2d
>>> _______________________________________________
>>> Exist-open mailing list
>>> Exi...@li...
>>> https://lists.sourceforge.net/lists/listinfo/exist-open
>>
>>
>>
>> --
>> Dan McCreary
>> Semantic Solutions Architect
>> office: (952) 931-9198
>> cell: (612) 986-1552
>>
>> ------------------------------------------------------------------------------
>> Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)!
>> Finally, a world-class log management solution at an even better price-free!
>> Download using promo code Free_Logger_4_Dev2Dev. Offer expires
>> February 28th, so secure your free ArcSight Logger TODAY!
>> http://p.sf.net/sfu/arcsight-sfd2d
>> _______________________________________________
>> Exist-open mailing list
>> Exi...@li...
>> https://lists.sourceforge.net/lists/listinfo/exist-open
>>
>>
>
> ------------------------------------------------------------------------------
> Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)!
> Finally, a world-class log management solution at an even better price-free!
> Download using promo code Free_Logger_4_Dev2Dev. Offer expires
> February 28th, so secure your free ArcSight Logger TODAY!
> http://p.sf.net/sfu/arcsight-sfd2d
> _______________________________________________
> Exist-open mailing list
> Exi...@li...
> https://lists.sourceforge.net/lists/listinfo/exist-open
>
|