Pinned topic how to invalidate a session after user logout
Answered question This question has been answered.
Unanswered question This question has not been answered yet.
Is it possible to invalidate the current session after user logout ? seems the current LoginService.logout() only clears the SimpleToken cookie on the browser side, but the session on the server side is still validate. In this case, if use add a cookie for SimpleToken manually, they can access resources without login.. would be kind of a security issue.
Updated on 2011-10-12T12:12:04Z at 2011-10-12T12:12:04Z by SystemAdmin
SystemAdmin 110000D4XK9224 Posts
Re: how to invalidate a session after user logout2011-10-12T12:12:04ZThis is the accepted answer. This is the accepted answer.You need to invalidate the user zone on the server-side.
There are several threads discussing invalidate and logout behaviors in the forum - search this forum for 'invalidate' to see those discussions.Updated on 2014-03-25T05:44:29Z at 2014-03-25T05:44:29Z by iron-man