[tbnl-devel] destroying a session?
Jim Prewett
download at hpc.unm.edu
Tue Dec 27 12:36:42 UTC 2005
Thanks Edi!
That makes more sense!
Jim
James E. Prewett Jim at Prewett.org download at hpc.unm.edu
Systems Team Leader LoGS: http://www.hpc.unm.edu/~download/LoGS/
Designated Security Officer OpenPGP key: pub 1024D/31816D93
HPC Systems Engineer III UNM HPC 505.277.8210
On Mon, 26 Dec 2005, Edi Weitz wrote:
> On Mon, 26 Dec 2005 05:44:48 -0700 (MST), Jim Prewett <download at hpc.unm.edu> wrote:
>
> > I'm trying to implement some sort of "logout" functionality right
> > now, but don't see a clear way to do it. What I've come up with is
> > setting the session-max-time to 0. Is there a better way to do
> > this?
>
> I think you're confusing the existence of a session with the fact that
> someone is "logged in" - I'd say that these concepts are related but
> not the same. If the code for the website uses TBNL's session
> facilities then users will always have a session associated with them.
> That doesn't mean they're logged in. Usually, you'll have a login
> page where users have to identify themselves by entering a name and a
> password or somesuch. Once you've validated their input you you'll
> change the session object - something like
>
> (setf (session-value 'authorized) t)
>
> or whatever. Now, on subsequent pages you just check for
>
> (session-value 'authorized)
>
> to see if you have to redirect them to the login page. To log them
> out you just use
>
> (setf (session-value 'authorized) nil)
>
> or
>
> (delete-session-value 'authorized)
>
> and that's it. Does that make sense? Do other TBNL users have
> different means to achieve this goal?
>
> Cheers,
> Edi.
>
More information about the Tbnl-devel
mailing list