06-12-2018, 06:21 PM
(06-12-2018, 05:54 AM)mschumann Wrote: I do not redirect at all, I just terminate the session. What I would like to achieve ist the user to require a fresh login.
If this is not doable with basic authentication I will create my own login mechanism and clear the credentials. Using the auther component is just very comforable.
How are your users restarting the session? Are you allowing multiple sessions on the workstation? (AllowMultipleSessions:=true?).
Instead of just .Terminate, use .TerminateAndRedirect(myURL) to get them to a neutral (not IWForm) page. That should keep your (now signed off) IWForm from accessing the session.
If they are accessing it another way (like a shortcut), you might try killing/overwriting the session cookie when you log them off which will remove the session reference. That's an idea that should work, but I haven't tried it.
Knowing how your sessions are managed, and how your users are restarting, would help.
Dan