Does anyone know how to get a session to be cleared out beyond allowing it to 
expire? I have a session-tst.xqy file whose contents are below. With it I see 
the following behavior. (If you don't have an HTTP proxy, just refresh the page 
and the Cookie header will manifest itself.)

1) Press Add Field, and hence xdmp:set-session-field(...) sends a cookie to 
the browser.
2) Clear cookies in Firefox.
3) Press Sign in, and hence xdmp:login(...) sends a new cookie to the browser.
4) Press Sign out, and hence xdmp:logout() DOES NOT clear the cookie that was 
sent.
5) Press Add Field, and hence xdmp:set-session-field(...) makes no change in 
the cookie being sent. (i.e., same session)
6) Press Sign in again. The same cookie is being sent. (i.e., same session)
7) Clear cookies in Firefox.
8) Press Add Field, and hence xdmp:set-session-field(...) sends a new cookie 
to the browser.
9) Press Sign in again. The same cookie is being sent. (i.e., same session)
10) Press Sign out and the cookie still persists.
11) Close Firefox, re-open, and go to session-tst.xqy. The cookie is gone. 
(Which makes sense since it was set with no max-age.)

Mark

session-tst.xqy contents:

let $login :=
  if (xdmp:get-request-field("login"))
  then
  (
    xdmp:login("admin"),
    xdmp:log("Logged in: admin")
  )
  else (xdmp:log("no login action"))

let $logout := if (xdmp:get-request-field("logout"))
  then
  (
    xdmp:logout(),
    xdmp:log("Logged out.")
  )
  else (xdmp:log("no logout action"))

let $add := if (xdmp:get-request-field("add-field") and
  xdmp:get-request-field("field-name") and
  xdmp:get-request-field("field-value"))
  then
  (
    xdmp:set-session-field(xdmp:get-request-field("field-name"),
      xdmp:get-request-field("field-value")),
    xdmp:log(concat("added field ", xdmp:get-request-field("field-name"), "=",
      xdmp:get-request-field("field-value")))
  )
  else (xdmp:log("no field action"))

return xdmp:set-response-content-type("text/html"),
<html>
<head>
<title>Headers Expose</title>
</head>
<body>

<form method="GET">
<table>
<tr><td><input type="submit" name="login" value="Sign in"/></td></tr>
<tr><td><input type="submit" name="logout" value="Sign out"/></td></tr>
<tr><td>Session Field Name: <input type="text" name="field-name" value=""/></td></tr>
<tr><td>Session Field Value: <input type="text" name="field-value" value=""/></td></tr>
<tr><td><input type="submit" name="add-field" value="Add Field"/></td></tr>
</table>
</form>


<h2>Headers Seen by Server</h2>
<table border="1">
{
 for $h at $idx in xdmp:get-request-header-names()
 return (
  for $v at $idx in xdmp:get-request-header($h)
  return <tr><td>{if ($idx = 1) then $h else ()}</td><td>{$v}</td></tr>
 )
}
</table>

<h2>Fields Seen by Server</h2>
<table border="1">
{
 for $h at $idx in xdmp:get-request-field-names()
 return (
  for $v at $idx in xdmp:get-request-field($h)
  return <tr><td>{if ($idx = 1) then $h else ()}</td><td>{$v}</td></tr>
 )
}
</table>

<h2>Session Fields</h2>
<table border="1">
{
 for $h at $idx in xdmp:get-session-field-names()
 return (
  for $v at $idx in xdmp:get-session-field($h)
  return <tr><td>{if ($idx = 1) then $h else ()}</td><td>{$v}</td></tr>
 )
}
</table>
{xdmp:log("---------------- done")}
</body>
</html>
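
Added example, not part of the original post: a small Python check that replays a proxy-style record of steps 1 to 10 above and flags every sign-in or sign-out after which the browser still holds the same session identifier. It looks only at the cookie as seen on the wire, not at server-side session state. The cookie name SID, the values aaa/bbb/ccc and the Step/audit names are constructed for illustration.

```python
from typing import NamedTuple, Optional

COOKIE = "SID"  # assumed cookie name; the post does not give the real one

class Step(NamedTuple):
    action: str                       # "add-field", "login", "logout", "clear-cookies"
    set_cookie: Optional[str] = None  # Set-Cookie header in the response, if any

def parse_set_cookie(header):
    """Return (value, attrs) for COOKIE, or None if the header sets another cookie."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    if name.strip() != COOKIE:
        return None
    attrs = {}
    for p in parts[1:]:
        k, _, v = p.partition("=")
        attrs[k.strip().lower()] = v.strip()
    return value.strip(), attrs

def audit(trace):
    """Replay the trace as a browser would; report steps where the id survived."""
    findings, jar = [], None  # jar = session id the browser currently holds
    for n, step in enumerate(trace, 1):
        if step.action == "clear-cookies":
            jar = None
            continue
        before = jar
        parsed = parse_set_cookie(step.set_cookie) if step.set_cookie else None
        if parsed:
            value, attrs = parsed
            # Expiry signalled by empty value or Max-Age=0 (Expires dates not handled).
            expired = value == "" or attrs.get("max-age") == "0"
            jar = None if expired else value
        # A sign-in or sign-out that leaves the pre-existing id in place is reported.
        if step.action in ("login", "logout") and before is not None and jar == before:
            findings.append((n, step.action + "-kept-session"))
    return findings

# Constructed trace mirroring steps 1-10 of the post (values are placeholders).
OBSERVED = [
    Step("add-field", "SID=aaa; path=/"), Step("clear-cookies"),
    Step("login", "SID=bbb; path=/"), Step("logout"), Step("add-field"),
    Step("login"), Step("clear-cookies"),
    Step("add-field", "SID=ccc; path=/"), Step("login"), Step("logout"),
]

if __name__ == "__main__":
    for step_no, finding in audit(OBSERVED):
        print(f"step {step_no}: {finding}")
```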
