Radicore Forum

Multiple Sessions and Logging Out [message #8] Fri, 14 April 2006 02:52
ljkbrost
I have read the article on the Client Clones and Server Sessions (http://www.tonymarston.net/php-mysql/client-clones.html) about the creation of multiple sessions for a single logon instance.

I have played with the creation of sessions and it works great. I think that there is a problem with the logout link though. When I click the logout link, I'm returned to the logon screen for that session and all of the session data is deleted. But... The other sessions still work. I think that the "logout" link should really be "end session" and the "logout" link should kill all of the sessions.

I have created a function called destroyAllSessions() - listed below - that gets called when clicking "logout" and altered the old logout code to get called when clicking "end session".

I tested this code by opening up multiple sessions and clicking logout in one of the sessions. When you attempt to navigate to any other page from the unlogged out sessions, they all return to the login screen saying you need to login.

I hope this change can be rolled into the framework.

Cheers,


Kyle Brost
----
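// ****************************************************************************
function destroyAllSessions ($prefix='menu')
// destroy every session whose cookie name starts with $prefix.
{
    $last_name = null;

    // close any session that is already open so another name can be selected
    if (session_id() != '') {
        session_write_close();
    } // if

    foreach ($_COOKIE as $session_name => $session_id) {
        // skip cookies that are not session cookies created with this prefix
        if (!is_string($session_id) || strpos($session_name, $prefix) !== 0) {
            continue;
        } // if
        // open the session so that session_destroy() removes its server-side data
        session_name($session_name);
        session_id($session_id);
        session_start();
        $_SESSION = array();
        // expire the cookie in the browser as well
        setcookie($session_name, '', time()-42000, '/');
        session_destroy();
        $last_name = $session_name;
    } // foreach

    // name of the last session destroyed, or null if none matched
    return $last_name;
} // destroyAllSessions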
Re: Multiple Sessions and Logging Out [message #10 is a reply to message #8] Fri, 14 April 2006 06:15
AJM
I disagree. I am deliberately allowing multiple sessions for a single client in order to emulate multiple instances of a non-web application. In that scenario when you terminate an instance you only terminate THAT instance and not any other instances. Each instance is entirely separate and therefore independently managed. I think it would confuse users if "logging out of current session" also meant "logging out of all sessions".

Re: Multiple Sessions and Logging Out [message #11 is a reply to message #10] Fri, 14 April 2006 09:48
ljkbrost
I guess that I'm overloading your nomenclature a bit and I can see your points. I think that the system should still have a "close all sessions" option that will destroy all active sessions.

I have seen the logout of active session cause problems where an application is designed with 2 different security levels (user/admin) and is running on a shared terminal on the factory floor. A supervisor logs onto the machine and performs some work with multiple sessions and then logs out of all but one session. Not realizing this, he walks away and leaves a security breach for the next person who uses that terminal.

If we have the "Logout of Session" operating and the "Logout of All Sessions" we can cover off both cases. If we need to, we can change the presentation layer's visible action names to meet the needs of the application.

Cheers,


Kyle Brost
----
Re: Multiple Sessions and Logging Out [message #12 is a reply to message #11] Fri, 14 April 2006 10:18
AJM
I see your point. Not an everyday occurrence, but still a possibility that could be covered by inserting a "logout all" option alongside the existing "logout" option.

I shall put it on my "to do" list.


Re: Multiple Sessions and Logging Out [message #25 is a reply to message #12] Sun, 07 May 2006 09:33
AJM
A "logout (all)" option is available as of version 1.6.0 dated 21st April 2006
