Hello, Working on implementing custom security filter... I ran into an issue.
Issue: Want to invalidate user session upon click on logoff in Dashboard. Below is the code..When user clicks on logoff in BID banner.. uri doesn't see "/logoff" in request submitted to WF Client. All I see is "http://servername/ibi_apps/controller" in request. How to capture/catch logoff action in BID?
any suggestions would be helpful.
String uri = httpServletRequest.getRequestURI(); if (uri != null) { if (uri.indexOf("/logoff") >= 0) { session.removeAttribute("IBUser"); httpServletRequest.getSession(false).invalidate(); return; } }
WF Client Environment: WF 7703 ThanksThis message has been edited. Last edited by: <Kathryn Henning>,
Prod: WF 7.6.10 windows. -- MRE/Dashboard/Self Service/ReportCaster - Windows XP
August 13, 2013, 07:17 AM
dhagen
I believe the log off already invalidates the session. What you should focus on is invalidating the session when it is a new logon from the same machine when the previous user does not logoff properly. I usually do the invalidate as part of the logon. If the IBUser parameter NE IBUser attribute, then invalidate.
"There is no limit to what you can achieve ... if you don’t care who gets the credit." Roger Abbott
August 23, 2013, 03:08 PM
TryFocus
Hi Dhagen, Thank you for suggestion...Have implemented and issue is resolved..sorry forgot to update.
Thanks
Prod: WF 7.6.10 windows. -- MRE/Dashboard/Self Service/ReportCaster - Windows XP