LogoutAll

Answers

I think it depends what you want to achieve. This method just logout all users, or particular ones. But you should do something in your application. You should look at logout callback, to know where user is logged out. Or at every request, check if user logged in, if not, redirect to some authentication page. But I think, you should already have the same mehanizm. 

You need the %All role to run this, per the following documentation: http://docs.intersystems.com/latest/csp/documatic/%25CSP.Documatic.cls?P...

But what else?  How do you run it?  Do you need to be in a %csp session?

I have the %ALL:

%SYS>w $roles
%All

Attempt to run it as a class method:

%SYS>w ##class(%CSP.Session).LogoutAll("laura1") 
W ##CLASS(%CSP.Session).LogoutAll("laura1")
^
<METHOD DOES NOT EXIST> *LogoutAll,%CSP.Session
%SYS>

 

Try it with a session object:

%SYS>s session=##CLASS(%CSP.Session).%OpenId("fBOZJihk0C")
 
%SYS>w session.LogoutAll("laura1")
 
 quit $$LogoutAllUserSessions^%SYS.cspServer(username, %request, %response ) }
 ^
<UNDEFINED>zLogoutAll+1^%CSP.Session.1 *%request
 

And from a connected session with the user that needs to logout of all sessions:

ERROR #822: Access Denied
%SYS>

So I'll have to connect to the application as a developer in order to kill off sessions that are causing problems.  The user can't wipe them out himself.  I get a "problem session" if the page times out and the user kills the page; this causes the session to hang around until its timeout, and due to our specific setup, he can't log in again until the session times out or a developer kills it from Session Management. I wanted to give the user the ability to wipe out all of his own sessions.

No need to discuss grouping by sessionId or anything like that - we have a very specific setup such that flags are set and the user can't login again if he kills his page. 

 

Now, how can I intercept this error and call the logout? That would be better...

image of the kill page or wait fromChrome

Thanks,

Laura