
Logoff button - what to do?

 
ankur rathi
Hi,

What activities should happen on Logoff button click?

1] Deleting session...

Please comment...

Thanks.

 
Gregg Bolinger
Whatever you want it to do. You don't necessarily have to delete the whole session. But you can if you want. I've done several different things on different web applications. I don't think there are definitive answers to this, though there might be similar actions done in various scenarios.

What activities do you think should happen on logoff?
 
ankur rathi
Originally posted by Gregg Bolinger:


What activities do you think should happen on logoff?


Removing everything from memory that we stored at the time of login... :roll:
 
ankur rathi
I am deleting the session on the logoff button...

But it is not working the way it should; I mean, the user is still able to go to his page with the back button... I am not able to prevent this...

Please suggest some way...

Thanks.
 
Christophe Verré
I think it was something about setting the HTTP headers "Expires" to 0 and "Cache-Control" to "no-cache".
 
ankur rathi
Originally posted by Satou kurinosuke:
I think it was something about setting the HTTP headers "Expires" to 0 and "Cache-Control" to "no-cache".


Could you please explain this with a little code?

Thanks.

 
David O'Meara
Search the forum for 'no cache'. If you include the correct instructions telling the browser not to cache the page, it won't. If the user logs out and tries the back button, the browser will re-request the page and be denied by the server.
 
David O'Meara
like this
 
Stuart Ash
Originally posted by rathi ji:
Hi,

What activities should happen on Logoff button click?

1] Deleting session...

Please comment...

Thanks.


The lights must go off, the shutters must go down, the traffic must halt, people must freeze, and the rotation of the earth must come to a grinding halt!!!

Make sure these are all implemented.


At the syntax level,

1. Delete the session
2. Make the previous pages ungobackable (the cache thing)
3. Offer to close the window, or take the user back to the login page.
4. Take a coffee break and drink some mint tea.
 
David O'Meara
What activities should happen on Logoff button click?

I've pointed this out a few times but it is always worth being aware of: while many containers use the session id to track users after they have logged in, authentication and session tracking are not the same thing.

Removing the user session is not always enough to log the user out. The example I usually give is with WebSphere - it uses its own encrypted cookie to maintain authentication details. If the session expires, the server gives them a new one but does not require them to log in again, so invalidating the session just means they get a new session, but you have not logged them off.

Dave
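
The steps discussed in this thread (invalidate the session, send no-cache headers so the back button forces a re-request the server can deny, and clear container authentication separately from the session), as an added example that is not code from any poster. It assumes the Servlet 3.0+ API (javax.servlet); the /app/* mapping, the /app/logout path, the "user" session attribute and /login.jsp are hypothetical names.

```java
// Added example, not code from the thread. Assumes Servlet 3.0+ (javax.servlet).
// Hypothetical names: /app/* mapping, /app/logout, "user" attribute, /login.jsp.
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

@WebFilter("/app/*")
public class SessionGuardFilter implements Filter {
    @Override public void init(FilterConfig config) { }
    @Override public void destroy() { }

    @Override
    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse resp = (HttpServletResponse) rs;
        String login = req.getContextPath() + "/login.jsp";

        // Protected pages must not be replayed from the browser cache, so the
        // back button triggers a fresh request that is checked below.
        resp.setHeader("Cache-Control", "no-cache, no-store, must-revalidate");
        resp.setHeader("Pragma", "no-cache");   // HTTP/1.0 clients
        resp.setDateHeader("Expires", 0);

        HttpSession session = req.getSession(false); // never create a session here

        if ("POST".equals(req.getMethod()) && req.getRequestURI().endsWith("/app/logout")) {
            if (session != null) session.invalidate(); // drop session state
            req.logout(); // also clear container-managed authentication
            resp.sendRedirect(login);
            return;
        }
        if (session == null || session.getAttribute("user") == null) {
            resp.sendRedirect(login); // logged out or never logged in: deny
            return;
        }
        chain.doFilter(req, resp);
    }
}
```

The login code is assumed to set the "user" attribute after a successful sign-in; on containers that keep their own authentication cookie, check after logout that a new request to /app/* is actually redirected.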
 