How to logout from all the opened web applications through the logout button in the portal?

Asked 19/1, 2014 at 12:32 Answered 6/2, 2014 at 10:8

I i use the post method to open different web sites through my portal like this :

In my portal main page :

<form method="post" target="_blank" action="">
<input id="Hdn_r" name="Hdn" type="hidden" value="55622"> 
.....
</form>

then in the main page of any site opened through the portal i do the following check :

var hr = HttpContext.Current.Request.UrlReferrer;
        if (hr != null && !string.IsNullOrEmpty(hr.AbsolutePath))
        {
            if (Request.UrlReferrer.AbsolutePath.Contains("Portal"))
            {

                if (Request.Form["Hdn_r"] != null && !string.IsNullOrEmpty(Request.Form["Hdn_r"].ToString())
                   && Request.Form["Hdn_a"] != null && !string.IsNullOrEmpty(Request.Form["Hdn_a"].ToString()) &&
                   Request.Form["Hdn_b"] != null && !string.IsNullOrEmpty(Request.Form["Hdn_b"].ToString()) &&
                   Request.Form["Hdn_c"] != null && !string.IsNullOrEmpty(Request.Form["Hdn_c"].ToString())
                   )
                {

                  Session["emp_num"]= int.Parse(Request.Form["Hdn_r"].ToString());
                //...........

My question is :

How to logout from all the opened web sites through one click in the logout button in my portal ?

Say i open three web sites through my portal , i want when i logout(in the portal) to log me out from all the opened applications ?

Note: the different web sites in the portal published in different servers .

Tonguelash answered 19/1, 2014 at 12:32 Comment(1)

possible duplicate of Multiple websites, Single sign-on design – Quartered 22/1, 2014 at 2:51

Create a logout page in all your websites. Then, when you want to logout, call those logout pages with ajax. Or make httprequests to that logout pages. You cannot logout directly because they are not on same domain and one site cannot alter session of another site.

Irreparable answered 21/1, 2014 at 16:13 Comment(0)

Why don't you try making the right POST requests targeting all you websites, in order to loggout programmatically ?

See http://msdn.microsoft.com/en-us/library/system.net.httpwebrequest(v=vs.110).aspx

Mireyamiriam answered 19/1, 2014 at 12:37 Comment(2)

This's is the case , i want some solution to the problem in the current state – Tonguelash 19/1, 2014 at 12:40

Well since you know the website you are opening (I guess) you know how to login, so you should be able to logout as the same way right (I mean simulate the request done by the "logout" button) ? – Mireyamiriam 19/1, 2014 at 12:50

You couldn't get Session of one website in another one. Different websites have different session states. Also if you want to resolve above problem, then make use of Cookies in your application. Cookies details are stored in browser and that can be globally accessible for all websites. When you are logging into your portal create a cookie with your login credentials and if when you click on any website link that provided on your website portal, use your cookie information to logging in. Finally if you click on any logout button clear your cookie information. Just try this.

Obla answered 27/1, 2014 at 12:7 Comment(0)

the first question is how do you manage your connection. ?

One thing could be a status flag that is check in a front controller of any page, and if the flag is false you redirect to login page and you kill all the session data.

Spiro answered 28/1, 2014 at 12:53 Comment(0)

Do you really have a concept of what it means to be "logged in" ?

As far as I can see your user is just logged in, via a hidden Session variable - so as soon as he closes the browser window of any of these pages, he is no longer logged in. Because if he would open the page again without the hidden session Variable he is not logged in.

I would proceed like most SSO-Solutions (e.g. Shibboleth) - There is no such thing as "Log out" you have an active Session, in which you are identified as a certain User by a SSO Service verifying your credentials - when you close this session and open a new one, you have to be verified again. If you are not verified again, you visit the page as an anonymous User in the new Session which is - as far as user experience is concerned the same as being 'logged out'

A logout is usually just the deletion of a cookie (if cookies are in use, and even then not always) and invalidating the current session-token on the server. But this is not true for many services (especially single-sign-on-solutions) which just make the User believe he has 'logged out' by resetting him to a new session, where he is not yet verified by the SSO-Server.

Tibia answered 6/2, 2014 at 10:8 Comment(0)

Without going into the details of your implementation approach, you can open a new window by name and make its name as your form target (sample), you need to do the following changes:

Update your login button to post using javascript:

// holds the list of opened websites, used later for logout.
var openedWebsites = [];

function login(siteName) {
  openedWebsites.push(siteName);
  var windowName = siteName + "_window";
  //assuming you name your forms as "{sitename}_loginForm"
  var loginForm = siteName + "_loginForm";

  var form = document.getElementById(loginForm);
  form.target = windowName;
  window.open("",windowName);
  form.submit();
}

Then make your logout button post a logout request to each window:

function logout(){
  for(var x=0;x<openedWebsites.length;x++){
    var siteName = openedWebsites[x]; 
    var windowName = siteName + "_window";
    //assuming you name your forms as "{sitename}_logoutForm"
    var logoutForm = siteName + "_logoutForm";

    var form = document.getElementById(logoutForm);
    form.target = windowName;
    form.submit();
    }
}

Perigon answered 5/2, 2014 at 22:2 Comment(0)

Recommended topics

Hot tags