Hi, I'm building a small webspeed application and I'm trying to build a log-out mechanism. I thought it would be easy, but it seems that I'm missing some things. The user logs into the application. On the serverside there's a .p that checks the credentials and adds a record in a database table with session information (username, login date and time, a session id and expiration date/time. When the user press log-out in the webspeed application, again a .p on the server side that sets the expiration date/time to the time the logout occured. So the session is not valid anymore and I show the login.html screen again. But then when the user presses the back-button in the browser he gets again to the page where he logged out. That html-file has some webspeedscripting, checking if the session is still valid, but that's not executed when he just press back. Seems logic because the back-button only shows the previous page. Question is now, how can I override this behaviour. How can I check if the session in webspeed script is stil valid when the user presses the back-buttons. It seems easy, but I have been trying and searching for the last three days, but with no succes. Any suggestion ? Kind regards Bart S.
Flag this post as spam/abuse.
Hi Matt,
Thanks for your response !
May i ask a few questions.
The code with response.setheader( .....) javascript function, where do I need to place that ? And do I need to call that function when the user presses the 'log out'-link ? (onclick event).
About the cookie, if I understand you, I would need to delete-cookie in the logout.p (where I set expiration date/time) and then in every page check if the cookie exists in javascript ? The logout.p on the server side calls the LogIn.html file.
How could I use document.location.replace ? The users presses the 'log out' button, and the logout.p is called. At that point when I'm in logout.p i can't set document.location.replace because I'm in a pure progress .p.
Kind regards
Bart S.
Hi Matt,
Thanks for the clear example and I implemented it, I've got it working but not completely. I think it has something to do with my handling of the html-files.
What I do :
User goes to the login page : wsLogin.html
He presses 'login' in the wsLogin.html file : <form method="post" action="Login.r">
So Login.r (just a .p on the server is called). The validation happens in that .r and the sessionID is set. In the .p when the validation is correct I do :
RUN run-web-object IN web-utilities-hdl("wsMainUsr.html").
So I call the main menu.
In the main menu when the user clicks 'log out' I added as you suggested :
< button onclick="location.replace('/wslogout.html');">logout</button>
wslogout.html is called and in that html-file I placed the code you suggested.
Than it works !!! The user gets the login page again and he can't press the back button. The wslogin.html is called every time I press the back button. So far so good.
But it's not working in the following scenario :
User logs in : wsLogin.html -> server side login.r -> show wsMainUsr.html.
Then user presses a menu-item i.e. 'employees', so my wsEmployee.html file is called. When he presses in wsEmployee.html file the 'log out' button i do exactly the same as in wsMainUsr.html. The user gets back in the login page (wsLogin.html). When I then press back he gets the login.r in his url and he's back on the main menu (wsMainUsr.html) ....
The url at that points is : http://localhost/dplan.init/login.r
I must do something wrong, but I really don't know how to solve it ...
Any suggestions ...
Kind regards,
Bart S.