Thanks Edi!
That makes more sense!
Jim
James E. Prewett Jim@Prewett.org download@hpc.unm.edu Systems Team Leader LoGS: http://www.hpc.unm.edu/~download/LoGS/ Designated Security Officer OpenPGP key: pub 1024D/31816D93 HPC Systems Engineer III UNM HPC 505.277.8210
On Mon, 26 Dec 2005, Edi Weitz wrote:
On Mon, 26 Dec 2005 05:44:48 -0700 (MST), Jim Prewett download@hpc.unm.edu wrote:
I'm trying to implement some sort of "logout" functionality right now, but don't see a clear way to do it. What I've come up with is setting the session-max-time to 0. Is there a better way to do this?
I think you're confusing the existence of a session with the fact that someone is "logged in" - I'd say that these concepts are related but not the same. If the code for the website uses TBNL's session facilities then users will always have a session associated with them. That doesn't mean they're logged in. Usually, you'll have a login page where users have to identify themselves by entering a name and a password or somesuch. Once you've validated their input you you'll change the session object - something like
(setf (session-value 'authorized) t)
or whatever. Now, on subsequent pages you just check for
(session-value 'authorized)
to see if you have to redirect them to the login page. To log them out you just use
(setf (session-value 'authorized) nil)
or
(delete-session-value 'authorized)
and that's it. Does that make sense? Do other TBNL users have different means to achieve this goal?
Cheers, Edi.