On Thu, Oct 13, 2016 at 8:14 AM, Remco Klappe || Tetra <[email protected]> wrote:
> Hi everyone,
>
> Maybe a stupid question, but how can I invalidate a Guacamole session from
> another application? In version 0.8.3 I used to call the logout-url, but
> this doesn't work anymore.
>

Hi Remco,

Just send a DELETE request to the ".../api/tokens/AUTH_TOKEN_OF_SESSION" endpoint beneath wherever Guacamole is deployed. For example, if the auth token of the session is "7130237FBAAA8D4518A899DEB579AB0E798B566D1F8A06DB9345D778CE2D2782", and your Guacamole instance is deployed to "https://example.com/guacamole/", then you would issue an HTTP DELETE to "https://example.com/guacamole/api/tokens/7130237FBAAA8D4518A899DEB579AB0E798B566D1F8A06DB9345D778CE2D2782".

This is actually what the web interface does internally when a user clicks logout:

https://github.com/apache/incubator-guacamole-client/blob/02a03c83f0770e4bb6a737eb8ccf1ba72b1486de/guacamole/src/main/webapp/app/auth/service/authenticationService.js#L318-L322

You can see this happen yourself if you log in to Guacamole, open up your browser's dev tools, go to the "network" tab, and look at the request sent when you click "Logout".

- Mike
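The DELETE request described in the reply above, as an added example that is not part of the original thread or of the Guacamole code base. The function names are hypothetical, and the 64-hex-digit token check is an assumption taken from the sample token in the message; it keeps a malformed value from redirecting the DELETE to a different API path.

```python
import re
import urllib.error
import urllib.request
from urllib.parse import quote

# Assumption: auth tokens look like the 64-hex-digit sample in the message.
TOKEN_RE = re.compile(r"[0-9A-Fa-f]{64}")


def token_url(base_url: str, token: str) -> str:
    """Build <deployment>/api/tokens/<token> for a validated token."""
    # Reject anything that is not a bare token (e.g. containing "/" or ".."),
    # so the request can only ever target the tokens endpoint.
    if not TOKEN_RE.fullmatch(token):
        raise ValueError("unexpected auth token format")
    # The token is a bearer credential carried in the URL path.
    if not base_url.lower().startswith("https://"):
        raise ValueError("refusing to send a session token over non-HTTPS")
    return base_url.rstrip("/") + "/api/tokens/" + quote(token, safe="")


def build_logout_request(base_url: str, token: str) -> urllib.request.Request:
    """Prepare the HTTP DELETE without sending it."""
    return urllib.request.Request(token_url(base_url, token), method="DELETE")


def invalidate_session(base_url: str, token: str, timeout: float = 10.0) -> int:
    """Send the DELETE and return the HTTP status code of the response."""
    req = build_logout_request(base_url, token)
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        # Non-2xx answers (for example an already-invalid token) surface here.
        return err.code


if __name__ == "__main__":
    # Deployment URL and token are the sample values from the message above.
    sample = "7130237FBAAA8D4518A899DEB579AB0E798B566D1F8A06DB9345D778CE2D2782"
    req = build_logout_request("https://example.com/guacamole/", sample)
    print(req.get_method(), req.full_url)
```

Because the token sits in the URL path, it will appear in reverse-proxy and application access logs on the way to Guacamole; treat those logs as sensitive until the DELETE has succeeded.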
