If I logout a user from it's session (session.logoutSessionUser()), the session is still existing with an "unknown user".

    ISecurityManager secMgr = SecurityManager.getSecurityManager();
    for (ISession ssn : secMgr.getSessions()) {
        if (ssn.getSessionUserName().equalsIgnoreCase("xyz")) {
            ssn.logoutSessionUser();
        }           
    }

The session disappears only after a timeout (that might be the timeout defined in the tomcat configuration)

However: Is there a way to close/kill a session immediately after logging out a user?

asked 27.03 at 08:02

Stefan's gravatar image

Stefan
1264611
accept rate: 60%

edited 27.03 at 08:02


Hi Stefan

Do you want to destroy the ivy session or the http session? You can destroy the ivy session by using the following API:

ssn.getSecurityContext().destroySession(ssn.getIdentifier());

The http session will not be destroyed by this call. However, there is an open issue XIVY-1091 in our issues database for this.

Regards

Reto Weiss, Axon.ivy Support

link

answered 27.03 at 10:30

Reto%20Weiss's gravatar image

Reto Weiss ♦♦
4.8k172554
accept rate: 74%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "Title")
  • image?![alt text](/path/img.jpg "Title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Tags:

×14

Asked: 27.03 at 08:02

Seen: 75 times

Last updated: 27.03 at 10:30