• 1 reply
  • Latest Post - ‏2011-10-12T12:12:04Z by SystemAdmin
3 Posts

Pinned topic how to invalidate a session after user logout

‏2011-10-12T05:07:39Z |
Is it possible to invalidate the current session after user logout ? seems the current LoginService.logout() only clears the SimpleToken cookie on the browser side, but the session on the server side is still validate. In this case, if use add a cookie for SimpleToken manually, they can access resources without login.. would be kind of a security issue.
Updated on 2011-10-12T12:12:04Z at 2011-10-12T12:12:04Z by SystemAdmin
  • SystemAdmin
    9224 Posts

    Re: how to invalidate a session after user logout

    You need to invalidate the user zone on the server-side.


    There are several threads discussing invalidate and logout behaviors in the forum - search this forum for 'invalidate' to see those discussions.
    Updated on 2014-03-25T05:44:29Z at 2014-03-25T05:44:29Z by iron-man