Well, it sounds all fine in theory, but in practice I can document it is not
working.

When they log out I do purge the user scope, and when they log back in from
there it takes them to a page that uses JavaScript to generate a random
number for the link to login, does not pass a userreference with the link,
and sets a Witango session cookie expiration in the past, so it should force
a clean slate.

They then click enter, which passes them to the login taf and passes an nc
value generated by the JavaScript.

The form does not pass a userreference when they log in.

This, according to Ian, is pretty much foolproof.

IT claims it is not caching this site (I have my doubts), so maybe that has
something to do with why I see this session issue.

But I can document what happens because I get an email with a dump of all
the variables with every log in and log out, so as you see below, for example,
she logs in as John I, then logs out, then logs in as Carol, but the user
reference is the same.



Sandee does this.

Logs in
John Iannacone logged in at 12/04/2003/13:13:55
D28D094187265EC83FCF7958
_UserReference=D28D094187265EC83FCF7958


Then logs this person out

John Iannacone logged out at 12/04/2003/14:34:31
D28D094187265EC83FCF7958
_UserReference=D28D094187265EC83FCF7958
D28D094187265EC83FCF7958
_UserReference=D28D094187265EC83FCF7958



Then logs in as Carol

Carole Jones logged in at 12/04/2003/14:34:46
D28D094187265EC83FCF7958
_UserReference=D28D094187265EC83FCF7958


Whoops, the number is the same.

on 12/4/03 15:18, Scott Cadillac at [EMAIL PROTECTED] wrote:

> Hi Dan,
> 
> In theory there is nothing wrong with what this person is doing.
> 
> The key to the issue is how diligently you manage the session(s) with your
> code.
> 
> For example, if someone has successfully logged in, then clicks a link to go to
> the logon page "again" - don't show them the Logon form if they already have
> their specific "allowed" User Scope variables, just show them a Logout button.
> 
> This way you force them to close their "session" before starting a new one.
> 
> As long as you do <@PURGE SCOPE=USER> when they logout, then it doesn't matter
> that they start a new "session" with a previously used <@USERREFERENCE> key.
> 
> ---
> Another scenario:
> 
> If a user has an active session, then starts a new browser instance from
> scratch (like from the computer's Start menu) - there is also nothing wrong
> with this because the new browser instance will not have any
> "session-cookies" (previously used or otherwise).
> 
> A single computer can then run two independent sessions (with different
> <@USERREFERENCE> keys) this way, and the two should not interfere with each
> other. From a User point of view it can be confusing, but I test applications
> like this often and it is reliable - at least with MS Internet Explorer on
> Windows.
> 
> The one caveat is when posting to windows with specifically targeted "names" -
> at this point, then a page that belongs to one session can potentially cross
> over and inherit a window (and its associated session) from the other user.
> 
> ---
> In summary, a User who wants to open more than one session (of themselves or
> for other people) should start a new browser instance to do so. If they don't,
> you just need to trap them at the logon form (as described earlier) with your
> code.
> 
> Hope this helps. Cheers......
> 
> Scott Cadillac,
> Witango.org - http://witango.org
> 403-281-6090 - [EMAIL PROTECTED]
> --
> Information for the Witango Developer Community
> ---------------------
> 
> XML-Extranet - http://xmlx.ca
> 403-281-6090 - [EMAIL PROTECTED]
> --
> Well-formed Development (for hire)
> ---------------------
> 
> 
> -----Original Message-----
> From: Dan Stein <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Cc: Robert Shubert <[EMAIL PROTECTED]>
> Date: Thu, 04 Dec 2003 14:48:18 -0500
> Subject: Witango-Talk: Session issues
> 
>> OK at least I have a reason behind the scrambled numbers today.
>> 
>> There is one admin user who finds it better to log in as the specific staff
>> person from her computer. Then sometimes she remembers to log out, sometimes
>> she does not but just logs in again as a new user. So we have multiple
>> sessions starting from the same machine.
>> 
>> Despite what we are doing with the tafs and cache I expect her session
>> cookie is still alive and so when she logs back in again she will sometimes
>> get the same userreference number.
>> 
>> I have asked her to actually quit IE before logging in as another person but
>> I think I will put that assign action to expire the session cookie on the
>> log out page also to see if that helps.
>> 
>> Any suggestions besides that?
>> 
>> 
>> -- 
>> Dan Stein
>> Digital Software Solutions
>> 799 Evergreen Circle
>> Telford PA 18969
>> Land: 215-799-0192
>> Mobile: 610-256-2843
>> Fax 413-410-9682
>> FMP, WiTango, EDI,SQL 2000
>> [EMAIL PROTECTED]
>> www.dss-db.com
>> 
>> 
>>     "When you are born, you cry and those who love you rejoice.  And if you
>> live your life as you should, when you die, you rejoice and those who
>> love you cry."
>> 
>> ________________________________________________________________________
>> TO UNSUBSCRIBE: Go to http://www.witango.com/maillist.taf
> 

-- 
Dan Stein
Digital Software Solutions
799 Evergreen Circle
Telford PA 18969
Land: 215-799-0192
Mobile: 610-256-2843
Fax 413-410-9682
FMP, WiTango, EDI,SQL 2000
[EMAIL PROTECTED]
www.dss-db.com


    "When you are born, you cry and those who love you rejoice.  And if you
live your life as you should, when you die, you rejoice and those who
love you cry."
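
The reuse documented in the message above (one `_UserReference` surviving a logout and then authenticating a different person) can be flagged automatically from the same kind of login/logout dump. This is an added example, not part of the original thread: the log lines are constructed to mirror the format in the message, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the shape of the e-mailed dumps quoted in the thread.
SAMPLE_DUMP = """\
User One logged in at 12/04/2003/13:13:55
AAAA00000000000000000001
_UserReference=AAAA00000000000000000001
User One logged out at 12/04/2003/14:34:31
_UserReference=AAAA00000000000000000001
_UserReference=AAAA00000000000000000001
User Two logged in at 12/04/2003/14:34:46
_UserReference=AAAA00000000000000000001
User Three logged in at 12/04/2003/15:02:10
_UserReference=BBBB00000000000000000002
"""

EVENT_RE = re.compile(r"^(?P<user>.+?) logged (?P<action>in|out) at (?P<ts>\S+)$")
REF_RE = re.compile(r"^_UserReference=(?P<ref>[0-9A-Fa-f]+)$")


def parse_events(dump):
    """Yield (user, action, timestamp, reference) for each event in the dump."""
    pending = None
    for line in dump.splitlines():
        line = line.strip()
        m = EVENT_RE.match(line)
        if m:
            pending = (m["user"], m["action"], m["ts"])
            continue
        m = REF_RE.match(line)
        if m and pending:
            yield (*pending, m["ref"])
            pending = None  # repeated reference lines belong to the same event


def find_reused_references(dump):
    """Return {reference: [users]} for keys that logged in more than one user."""
    users_by_ref = defaultdict(list)
    for user, action, _ts, ref in parse_events(dump):
        if action == "in" and user not in users_by_ref[ref]:
            users_by_ref[ref].append(user)
    return {ref: users for ref, users in users_by_ref.items() if len(users) > 1}


if __name__ == "__main__":
    for ref, users in find_reused_references(SAMPLE_DUMP).items():
        print(f"session key {ref} was used to log in as: {', '.join(users)}")
```

A key that appears under two different names means the session identifier was not replaced between logins, so anything still stored under that key is reachable from the second login.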
