On Thu, Oct 13, 2016 at 8:14 AM, Remco Klappe || Tetra <re...@tetra.nl>
wrote:

> Hi everyone,
>
> Maybe a stupid question, but how can i invalidate a Guacamole session from
> another application? In version 0.8.3 is used to call the logout-url, but
> this doesn't work anymore.
>
>
Hi Remco,

Just send a DELETE request to the ".../api/tokens/AUTH_TOKEN_OF_SESSION"
endpoint beneath wherever Guacamole is deployed. For example, if the auth
token of the session is
"7130237FBAAA8D4518A899DEB579AB0E798B566D1F8A06DB9345D778CE2D2782", and
your Guacamole instance is deployed to "https://example.com/guacamole/";,
then you would issue an HTTP DELETE to "
https://example.com/guacamole/api/tokens/7130237FBAAA8D4518A899DEB579AB0E798B566D1F8A06DB9345D778CE2D2782
".

This is actually what the web interface does internally when a user clicks
logout:

https://github.com/apache/incubator-guacamole-client/blob/02a03c83f0770e4bb6a737eb8ccf1ba72b1486de/guacamole/src/main/webapp/app/auth/service/authenticationService.js#L318-L322

You can see this happen yourself if you log in to Guacamole, open up your
browser's dev tools, go to the "network" tab, and look at the request sent
when you click "Logout".

- Mike

Reply via email to