$Web End Ses: Difference between revisions

From m204wiki
Jump to navigation Jump to search
(Automatically generated page update)
 
(3 intermediate revisions by one other user not shown)
Line 1: Line 1:
{{DISPLAYTITLE:$Web_End_Ses}}
{{DISPLAYTITLE:$Web_End_Ses}}
<span class="pageSubtitle"><section begin="desc" />Terminate a logical login session<section end="desc" /></span>
<span class="pageSubtitle">Terminate a logical login session</span>


<var>$Web_End_Ses</var> terminates a logical login session maintained via SSLSES or SESCOOKIE.
<var>$Web_End_Ses</var> terminates a logical login session maintained via SSLSES or SESCOOKIE.


<var>$Web_End_Ses</var> takes no arguments and returns a status code. It is a [[Calling Sirius Mods $functions|callable]] $function (see [[Calling_Sirius_Mods_$functions|"Calling Sirius Mods $functions"]]).
<var>$Web_End_Ses</var> takes no arguments and returns a status code. It is a [[Calling Sirius Mods $functions|callable]] $function.


==Syntax==
==Syntax==
<p class="syntax"><section begin="syntax" /><span class="term">%rc</span> = $Web_End_Ses
<p class="syntax"><span class="term">%rc</span> = $Web_End_Ses
<section end="syntax" /></p>
</p>


===Syntax terms===
===Syntax terms===

Latest revision as of 14:55, 9 April 2013

Terminate a logical login session

$Web_End_Ses terminates a logical login session maintained via SSLSES or SESCOOKIE.

$Web_End_Ses takes no arguments and returns a status code. It is a callable $function.

Syntax

%rc = $Web_End_Ses

Syntax terms

%rc A numeric status code:
Code Meaning
-1 Not a Web Server thread.
0 Session terminated.
1 A Web Server thread but no logical login session.

Usage notes

  • If the port definition indicates SSLSES or SESCOOKIE, Janus Web Server will use SSL session information or session cookie information to do trusted logins for the session's userid. This has many benefits, including avoiding the vagaries of dealing with password changes in HTTP.

    There might be times, however, when it is desirable to force a user to re-enter a password before the session timeout, or even to allow the user to switch to a different userid. In such instances, $Web_End_Ses might be useful to terminate the logical session immediately. $Web_End_Ses, of and by itself, will not cause a password prompt to appear on the user's workstation. An application can force a login pop-ip window to appear at a browser by issuing the following statement after the $Web_End_Ses:

    %X = $Web_Done(401, "Unauthorized")

    The $Web_Done(401) above obviates the need for the $Web_End_Ses, though, because an "unauthorized" status implies a $Web_End_Ses.

    If the session was established from information in a client certificate, $Web_End_Ses will probably be ineffective: it will simply force the NEWSESCMD processing to occur on the next request from the browser, but it will not force or even give the browser a chance to send a new client certificate. To force the client to send a new certificate, you can use $Web_End_SSLSes. If the logical session is being maintained via SSLSES, that is if it's associated with the SSL session, issuing a $Web_End_SSLSes also terminates the logical login session.