Nido
|
| Posted: 06/25/2002, 10:06 PM |
|
I am using CCS1.0, ASP 3.0 with templates.
I noticed that when you put logout function to an authentication enabled page with a logout link to custom page. It does not logout the current user. The current user is not successfully logged out without actually closing the browser.
example.
I have a logout function on my edit record page (authentication: only administrators allowed to edit records) and I have a link to logout from my edit.asp page to logout from edit mode and take me back to menu page. When I click on logout link, I get the menu page which has no authentication. Which means that the administrator is logged out, If the administrator wants to go back to edit page, he should get the login.asp instead of edit page again. Well that's not the case. He gets the edit page without asking for login again. That's a big security problem.
How can we make sure that the current user is logged out successfully. And if he wants to edit the records again, he should get the login.asp to login again not edit.asp directly.
Appreciate the help.
|
|
|
 |
Tom
|
| Posted: 06/27/2002, 5:29 AM |
|
hi,
looks like you have only add Logout link to the page, but haven't added Logout Action to it. Try to add both link and action to the same page, otherwise logout won't work
|
|
|
|
Nido
|
| Posted: 06/27/2002, 6:33 AM |
|
I checked it again. I have both the link and the action on the page.
Thanks,
Nido
|
|
|
|
jannaton
|
| Posted: 08/16/2002, 12:20 AM |
|
I have the same issue with user not being logged out.
Both the logout link and action are on the page. After
viewing the user vars its obvious that logout action is not
happenening at all.
Have I missed the solution somewhere?
Thanks in advance!
|
|
|
|
Ron
|
| Posted: 08/16/2002, 4:05 AM |
|
Hello,
to verify was the user logged out add print session vars values code right in CCLogoutUser() function. If you get empty values it means that pages got cached.
|
|
|
|
Marko
|
| Posted: 08/20/2002, 3:41 AM |
|
Had the same problem for a while ago (using CCS 1.0.7.0), I had logout link on menu, which was supposed to redirect user back to login page and on the same time to log out user.
But it didn't work until I manually added Logout action to the target page of the logout link (login page).
Thinking it now, it's quite easy to figure out, but for newbie as I am, it's not so obvious, so maybe it should be stated clearly somewhere in the docs, the 'Add logout link to custom page' wizard doesn't say it. But what do I know anyway :)
|
|
|
|
|
