Hi Dan, Like I described, as long as you <@PURGE SCOPE=USER>, then the <@USERREFERENCE> key (session- cookie or argument) is reusable by the same browser instance.
According to your log, the person started a new clean session - so I guess I'm confused to what the issue is. Can you give us more detail? -----Original Message----- From: Dan Stein <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Date: Thu, 04 Dec 2003 15:45:23 -0500 Subject: Re: Witango-Talk: Session issues > Well it sounds all fine in theory but in practice I can document is not > working. > > When they log out I do purge the user scope and when they log back in > from > there it takes them to a page the makes uses JavaScript to generate a > random > number for the link to login, does not pace a userreferance with the > link, > and sets a witango session cookie expiration in the past so it should > force > a clean slate. > > They then click enter which passes them to the login taf and passes a > nc > value generated by the JavaScript. > > The form does not pass a userreferance when the log in. > > This according to Ian is pretty much fool proof. > > IT claims it is not caching this site ( I have my doubts) so maybe that > has > something to do with why I see this session issue. > > But I can document what happens because I get an email with a dump of > all > the variables with every log in and log out so as you see below for > example > she logs in as John I then logs out then logs in and Carol but the user > reference is the same. > > > > Sandee does this. > > Logs in > John Iannacone logged in at 12/04/2003/13:13:55 > D28D094187265EC83FCF7958 > _UserReference=D28D094187265EC83FCF7958 > > > Then logs this person out > > John Iannacone logged out at 12/04/2003/14:34:31 > D28D094187265EC83FCF7958 > _UserReference=D28D094187265EC83FCF7958 > D28D094187265EC83FCF7958 > _UserReference=D28D094187265EC83FCF7958 > > > > Then logs in as Carol > > Carole Jones logged in at 12/04/2003/14:34:46 > D28D094187265EC83FCF7958 > _UserReference=D28D094187265EC83FCF7958 > > > Woops the numbers is the same. > > on 12/4/03 15:18, Scott Cadillac at [EMAIL PROTECTED] wrote: > > > Hi Dan, > > > > In theory there is nothing wrong with what this person is doing. > > > > The key to the issue is how deligently you manage the session(s) with > your > > code. > > > > For example, if someone has succesfully logged in, then clicks a link > to go to > > the logon > > page "again" - don't show them the Logon form if they already have > their > > specific "allowed" > > User Scope variables, just show them a Logout button. > > > > This way you force them to close their "session" before starting a > new one. > > > > As long as you do <@PURGE SCOPE=USER> when they logout, then it > doesn't matter > > that they > > start a new "session" with a previously used <@USERREFERENCE> key. > > > > --- > > Another scenario: > > > > If a user has an active session, then starts a new browser instance > from > > scratch (like from > > the computer's Start menu) - there is also nothing wrong with this > because the > > new browser > > isntance will not have any "session-cookies" (previously used or > otherwise). > > > > A single computer can then run two independent sessions (with > different > > <@USERREFERENCE> > > keys) this way, and the two should not interfer with each other. From > a User > > point of view > > it can be confusing, but I test application like this often at it is > reliable > > - at least > > with MS Internet Explorer on Windows. > > > > The one caveat: is when posting to windows with specificaly target > "names" - > > at this point, > > then a page that belongs to one session can potentially crossover and > inherit > > a window (and > > it's associated session) from the other user. > > > > --- > > In summary, a User who wants to open more than one session (of > themselves or > > for other > > people), they should start a new browser instance to do so. If they > don't, you > > just need to > > trap them at the logon form (as described earlier) with your code. > > > > Hope this helps. Cheers...... > > > > Scott Cadillac, > > Witango.org - http://witango.org > > 403-281-6090 - [EMAIL PROTECTED] > > -- > > Information for the Witango Developer Community > > --------------------- > > > > XML-Extranet - http://xmlx.ca > > 403-281-6090 - [EMAIL PROTECTED] > > -- > > Well-formed Development (for hire) > > --------------------- > > > > > > -----Original Message----- > > From: Dan Stein <[EMAIL PROTECTED]> > > To: <[EMAIL PROTECTED]> > > Cc: Robert Shubert <[EMAIL PROTECTED]> > > Date: Thu, 04 Dec 2003 14:48:18 -0500 > > Subject: Witango-Talk: Session issues > > > >> OK at least I have a reason behind the scrambled numbers today. > >> > >> There is one admin user who finds it better to log in as the > specific > >> staff > >> person from here computer than sometimes she remembers to log out > >> sometimes > >> she does not but just logs in again as a new user. So we have > multiple > >> sessions starting from the same machine. > >> > >> Despite what we are doing with the tafs and cache I expect her > session > >> cookie is still alive and so when she logs back in again she will > >> sometimes > >> get the same userreferance number. > >> > >> I have asked her to actually quit IE before logging in as another > >> person but > >> I think I will put that assign action to expire the session cookie > on > >> the > >> log out page also to see if that helps. > >> > >> Any suggestions besides that? > >> > >> > >> -- > >> Dan Stein > >> Digital Software Solutions > >> 799 Evergreen Circle > >> Telford PA 18969 > >> Land: 215-799-0192 > >> Mobile: 610-256-2843 > >> Fax 413-410-9682 > >> FMP, WiTango, EDI,SQL 2000 > >> [EMAIL PROTECTED] > >> www.dss-db.com > >> > >> > >> "When you are born, you cry and those who love you rejoice. And > if > >> you > >> live your life as you should, when you die, you rejoice and those > who > >> love you cry." > >> > >> > _______________________________________________________________________ > >> _ > >> TO UNSUBSCRIBE: Go to http://www.witango.com/maillist.taf > > > > > _______________________________________________________________________ > _ > > TO UNSUBSCRIBE: Go to http://www.witango.com/maillist.taf > > > > -- > Dan Stein > Digital Software Solutions > 799 Evergreen Circle > Telford PA 18969 > Land: 215-799-0192 > Mobile: 610-256-2843 > Fax 413-410-9682 > FMP, WiTango, EDI,SQL 2000 > [EMAIL PROTECTED] > www.dss-db.com > > > "When you are born, you cry and those who love you rejoice. And if > you > live your life as you should, when you die, you rejoice and those who > love you cry." > > _______________________________________________________________________ > _ > TO UNSUBSCRIBE: Go to http://www.witango.com/maillist.taf ________________________________________________________________________ TO UNSUBSCRIBE: Go to http://www.witango.com/maillist.taf
