By default Xataface don't destroy the user session if the Browser is closed. Session expires only if the user force (click) the logout button.
If we use switch_user module, Logged-in from another account, close the browser and hit the login URL again after opening a browser, the system will ask for username and password but it doesn't process the entered username and password in Dataface/AuthenticationTool.php and instead it picks the last Logged-in user and by pass the entered information on Login Screen.
Can you please explain the working principle applied in Xataface and provide any solution to expire/destroy previous Logged-in user session if new credentials are entered on login screen. Please explain how we can achieve this functionality.
Greetings,
By default Xataface don't destroy the user session if the Browser is closed. Session expires only if the user force (click) the logout button.
If we use switch_user module, Logged-in from another account, close the browser and hit the login URL again after opening a browser, the system will ask for username and password but it doesn't process the entered username and password in Dataface/AuthenticationTool.php and instead it picks the last Logged-in user and by pass the entered information on Login Screen.
Can you please explain the working principle applied in Xataface and provide any solution to expire/destroy previous Logged-in user session if new credentials are entered on login screen. Please explain how we can achieve this functionality.