Xataface Session Not Destroy on Browser Close and Pick Last logged in user

Question

Xataface Session Not Destroy on Browser Close and Pick Last logged in user

muzafar opened this issue 5 years ago · 2 comments

Greetings,

By default Xataface don't destroy the user session if the Browser is closed. Session expires only if the user force (click) the logout button.

If we use switch_user module, Logged-in from another account, close the browser and hit the login URL again after opening a browser, the system will ask for username and password but it doesn't process the entered username and password in Dataface/AuthenticationTool.php and instead it picks the last Logged-in user and by pass the entered information on Login Screen.

Can you please explain the working principle applied in Xataface and provide any solution to expire/destroy previous Logged-in user session if new credentials are entered on login screen. Please explain how we can achieve this functionality.

Answer 1 · 2019-09-16T12:01:51.000Z

@shannah Any updates on this?

Answer 2 · 2019-09-16T12:05:33.000Z

You can do this yourself using a keep-alive strategy.

https://stackoverflow.com/a/24402832