search

shannah / xataface

Framework for building data-driven web applications in PHP and MySQL
http://xataface.com
GNU General Public License v2.0
134 stars 57 forks source link

Xataface Session Not Destroy on Browser Close and Pick Last logged in user #110

Open muzafar opened 5 years ago

muzafar commented 5 years ago

Greetings,

By default Xataface don't destroy the user session if the Browser is closed. Session expires only if the user force (click) the logout button.

If we use switch_user module, Logged-in from another account, close the browser and hit the login URL again after opening a browser, the system will ask for username and password but it doesn't process the entered username and password in Dataface/AuthenticationTool.php and instead it picks the last Logged-in user and by pass the entered information on Login Screen.

Can you please explain the working principle applied in Xataface and provide any solution to expire/destroy previous Logged-in user session if new credentials are entered on login screen. Please explain how we can achieve this functionality.

muzafar commented 4 years ago

@shannah Any updates on this?

shannah commented 4 years ago

You can do this yourself using a keep-alive strategy.

https://stackoverflow.com/a/24402832