librelist archives

« back to archive

Auto-logging out with single session support

Auto-logging out with single session support

From:
paparazzia
Date:
2015-03-17 @ 08:33
hi,

I have a working instance of conversejs (last release).
Single session support is working (thanks to the documentation).

I'm currently testing before deeper integration, and I have this use case,
which could be a real one :
- login to the website with a FIRST user
  - conversejs load, authenticate, all is good
- logout off the website
  (here, converse is not loaded, javascript is not loaded on the page when
not logged)
- login as ANOTHER USER
  - I'm still logged on converse with the FIRST user

Is this a normal behavior ?

Is there a way to force converse to reload the pre-bind url ?

Thanks for your advices

Regards

Hugues aka paparazzia

Re: [conversejs] Auto-logging out with single session support

From:
Jc Brand
Date:
2015-03-17 @ 09:48

On 17 Maart 2015 9:33:36 vm. CET, paparazzia <paparazzia@gmail.com> wrote:
>hi,
>
>I have a working instance of conversejs (last release).
>Single session support is working (thanks to the documentation).
>
>I'm currently testing before deeper integration, and I have this use
>case,
>which could be a real one :
>- login to the website with a FIRST user
>  - conversejs load, authenticate, all is good
>- logout off the website
>(here, converse is not loaded, javascript is not loaded on the page
>when
>not logged)
>- login as ANOTHER USER
>  - I'm still logged on converse with the FIRST user
>
>Is this a normal behavior ?

No, thus is a bug. Converse.js uses the cached session tokens of the 
previous user.

You'll likely find that the user is still logged in to converse.js even 
after logging out of the website, right?

>Is there a way to force converse to reload the pre-bind url ?

There are different ways in which we can attempt to solve this.

One way would be to explicitly call logout on conversejs when the user 
logs out of the website. This should then remove the session cache.

Another would be to always supply a JID together with the keepalive 
option, so that converse.js doesn't just blindly resume any session 

Actually, I think both should be used. This will however require some 
changes to  be made to conversejs.

JC
-- 
Diese Nachricht wurde von meinem Android-Mobiltelefon mit K-9 Mail gesendet.