This topic has been locked.
1 reply Latest Post - 2011-10-12T12:12:04Z by SystemAdmin
Pinned topic how to invalidate a session after user logout
Answered question This question has been answered.
Unanswered question This question has not been answered yet.
Is it possible to invalidate the current session after user logout ? seems the current LoginService.logout() only clears the SimpleToken cookie on the browser side, but the session on the server side is still validate. In this case, if use add a cookie for SimpleToken manually, they can access resources without login.. would be kind of a security issue.
Updated on 2011-10-12T12:12:04Z at 2011-10-12T12:12:04Z by SystemAdmin
SystemAdmin 110000D4XK9224 PostsACCEPTED ANSWER
Re: how to invalidate a session after user logout2011-10-12T12:12:04Z in response to WangxxiYou need to invalidate the user zone on the server-side.
zpost( "/user#invalidate", true)
There are several threads discussing invalidate and logout behaviors in the forum - search this forum for 'invalidate' to see those discussions.Updated on 2011-10-12T12:12:04Z at 2011-10-12T12:12:04Z by SystemAdmin