· Nov 1, 2016


Has anyone ever used the LogoutAll method in the %CSP.Session class successfully? I'm wondering what I need to do to use it.




Discussion (3)0
Log in or sign up to continue

I think it depends what you want to achieve. This method just logout all users, or particular ones. But you should do something in your application. You should look at logout callback, to know where user is logged out. Or at every request, check if user logged in, if not, redirect to some authentication page. But I think, you should already have the same mehanizm. 

But what else?  How do you run it?  Do you need to be in a %csp session?

I have the %ALL:

%SYS>w $roles

Attempt to run it as a class method:

%SYS>w ##class(%CSP.Session).LogoutAll("laura1") 
W ##CLASS(%CSP.Session).LogoutAll("laura1")


Try it with a session object:

%SYS>s session=##CLASS(%CSP.Session).%OpenId("fBOZJihk0C")
%SYS>w session.LogoutAll("laura1")
 quit $$LogoutAllUserSessions^%SYS.cspServer(username, %request, %response ) }
<UNDEFINED>zLogoutAll+1^%CSP.Session.1 *%request

And from a connected session with the user that needs to logout of all sessions:

ERROR #822: Access Denied

So I'll have to connect to the application as a developer in order to kill off sessions that are causing problems.  The user can't wipe them out himself.  I get a "problem session" if the page times out and the user kills the page; this causes the session to hang around until its timeout, and due to our specific setup, he can't log in again until the session times out or a developer kills it from Session Management. I wanted to give the user the ability to wipe out all of his own sessions.

No need to discuss grouping by sessionId or anything like that - we have a very specific setup such that flags are set and the user can't login again if he kills his page. 


Now, how can I intercept this error and call the logout? That would be better...

image of the kill page or wait fromChrome