I'm trying to implement some sort of "logout" functionality right now, but don't see a clear way to do it. What I've come up with is setting the session-max-time to 0. Is there a better way to do this?
Thanks, Jim
James E. Prewett Jim@Prewett.org download@hpc.unm.edu
Systems Team Leader LoGS: http://www.hpc.unm.edu/~download/LoGS/
Designated Security Officer OpenPGP key: pub 1024D/31816D93
HPC Systems Engineer III UNM HPC 505.277.8210
On Mon, 26 Dec 2005 05:44:48 -0700 (MST), Jim Prewett download@hpc.unm.edu wrote:
> I'm trying to implement some sort of "logout" functionality right now, but don't see a clear way to do it. What I've come up with is setting the session-max-time to 0. Is there a better way to do this?
I think you're confusing the existence of a session with the fact that someone is "logged in" - I'd say that these concepts are related but not the same. If the code for the website uses TBNL's session facilities then users will always have a session associated with them. That doesn't mean they're logged in. Usually, you'll have a login page where users have to identify themselves by entering a name and a password or somesuch. Once you've validated their input you'll change the session object - something like
(setf (session-value 'authorized) t)
or whatever. Now, on subsequent pages you just check for
(session-value 'authorized)
to see if you have to redirect them to the login page. To log them out you just use
(setf (session-value 'authorized) nil)
or
(delete-session-value 'authorized)
and that's it. Does that make sense? Do other TBNL users have different means to achieve this goal?
Cheers, Edi.
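The pattern from the reply above as a stand-alone Common Lisp example (added here; it is not part of the original thread and not TBNL code). `*session*`, `*users*`, `login`, `logout`, `protected-page`, `demo` and the `cart` value are hypothetical names, and `session-value` / `delete-session-value` are local hash-table stand-ins that mimic the calls quoted in the reply so the file loads without TBNL.

```lisp
;;; Stand-alone model, NOT TBNL itself. A session is a plain hash table;
;;; SESSION-VALUE and DELETE-SESSION-VALUE below are local stand-ins.

(defvar *session* nil "The current visitor's session (stand-in).")

(defun session-value (key)
  (values (gethash key *session*)))

(defun (setf session-value) (new key)
  (setf (gethash key *session*) new))

(defun delete-session-value (key)
  (remhash key *session*))

;; Constructed sample credential store, plaintext only to keep the model short.
(defparameter *users* '(("jim" . "constructed-sample-password")))

(defun login (name password)
  "Set the AUTHORIZED flag only after the credentials have been validated."
  (let ((entry (assoc name *users* :test #'string=)))
    (when (and entry (string= password (cdr entry)))
      (setf (session-value 'authorized) t))))

(defun logout ()
  "Drop the flag; the session object itself stays alive."
  (delete-session-value 'authorized))

(defun protected-page ()
  "Every protected handler checks the flag before doing anything else."
  (if (session-value 'authorized)
      :show-page
      :redirect-to-login))

(defun demo ()
  "Walk one visitor through: anonymous, failed login, login, logout."
  (let ((*session* (make-hash-table))     ; session exists before any login
        (steps '()))
    (push (protected-page) steps)         ; anonymous visitor
    (login "jim" "wrong-guess")
    (push (protected-page) steps)         ; failed login leaves flag unset
    (login "jim" "constructed-sample-password")
    (setf (session-value 'cart) '(:book)) ; unrelated per-session state
    (push (protected-page) steps)         ; logged in
    (logout)
    (push (protected-page) steps)         ; logged out, same session
    (push (session-value 'cart) steps)    ; other session state is untouched
    (reverse steps)))
```

Evaluating `(demo)` returns the page decision at each step followed by the `cart` value read after logout, which shows that logging out clears the flag without ending the session.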
Thanks Edi!
That makes more sense!
Jim
On Mon, 26 Dec 2005, Edi Weitz wrote:
> On Mon, 26 Dec 2005 05:44:48 -0700 (MST), Jim Prewett download@hpc.unm.edu wrote:
> > I'm trying to implement some sort of "logout" functionality right now, but don't see a clear way to do it. What I've come up with is setting the session-max-time to 0. Is there a better way to do this?
> I think you're confusing the existence of a session with the fact that someone is "logged in" - I'd say that these concepts are related but not the same. If the code for the website uses TBNL's session facilities then users will always have a session associated with them. That doesn't mean they're logged in. Usually, you'll have a login page where users have to identify themselves by entering a name and a password or somesuch. Once you've validated their input you'll change the session object - something like
> (setf (session-value 'authorized) t)
> or whatever. Now, on subsequent pages you just check for
> (session-value 'authorized)
> to see if you have to redirect them to the login page. To log them out you just use
> (setf (session-value 'authorized) nil)
> or
> (delete-session-value 'authorized)
> and that's it. Does that make sense? Do other TBNL users have different means to achieve this goal?
> Cheers, Edi.