[tbnl-devel] destroying a session?
Edi Weitz
edi at agharta.de
Mon Dec 26 13:23:46 UTC 2005
On Mon, 26 Dec 2005 05:44:48 -0700 (MST), Jim Prewett <download at hpc.unm.edu> wrote:
> I'm trying to implement some sort of "logout" functionality right
> now, but don't see a clear way to do it. What I've come up with is
> setting the session-max-time to 0. Is there a better way to do
> this?
I think you're confusing the existence of a session with the fact that
someone is "logged in" - I'd say that these concepts are related but
not the same. If the code for the website uses TBNL's session
facilities then users will always have a session associated with them.
That doesn't mean they're logged in. Usually, you'll have a login
page where users have to identify themselves by entering a name and a
password or somesuch. Once you've validated their input you you'll
change the session object - something like
(setf (session-value 'authorized) t)
or whatever. Now, on subsequent pages you just check for
(session-value 'authorized)
to see if you have to redirect them to the login page. To log them
out you just use
(setf (session-value 'authorized) nil)
or
(delete-session-value 'authorized)
and that's it. Does that make sense? Do other TBNL users have
different means to achieve this goal?
Cheers,
Edi.
More information about the Tbnl-devel
mailing list