$Web_End_Ses

From m204wiki
Revision as of 19:04, 26 October 2012 by JAL (talk | contribs) (→‎Usage notes)

Terminate a logical login session

$Web_End_Ses terminates a logical login session maintained via SSLSES or SESCOOKIE.

$Web_End_Ses takes no arguments and returns a status code. It is a callable $function (see "Calling Sirius Mods $functions").

Syntax

    %rc = $Web_End_Ses

Syntax terms

%rc   A numeric status code:

      Code  Meaning
      -1    Not a Web Server thread.
       0    Session terminated.
       1    A Web Server thread but no logical login session.

Usage notes

  • If the port definition indicates SSLSES or SESCOOKIE, Janus Web Server will use SSL session information or session cookie information to do trusted logins for the session's userid. This has many benefits, including avoiding the vagaries of dealing with password changes in HTTP.

    There might be times, however, when it is desirable to force a user to re-enter a password before the session timeout, or even to allow the user to switch to a different userid. In such instances, $Web_End_Ses might be useful to terminate the logical session immediately. $Web_End_Ses, in and of itself, will not cause a password prompt to appear on the user's workstation. An application can force a login pop-up window to appear at a browser by issuing the following statement after the $Web_End_Ses:

    %X = $Web_Done(401, "Unauthorized")

    The $Web_Done(401) above obviates the need for the $Web_End_Ses, though, because an "unauthorized" status implies a $Web_End_Ses.

    If the session was established from information in a client certificate, $Web_End_Ses will probably be ineffective: it will simply force the NEWSESCMD processing to occur on the next request from the browser, but it will not force or even give the browser a chance to send a new client certificate. To force the client to send a new certificate, you can use $Web_End_SSLSes. If the logical session is being maintained via SSLSES, that is, if it is associated with the SSL session, issuing a $Web_End_SSLSes also terminates the logical login session.