Forcing logout with NativeSP
Cantor, Scott
cantor.2 at osu.edu
Fri Sep 30 18:14:04 BST 2011
On 9/30/11 2:59 AM, "Stephen Chan" <sychan at lbl.gov> wrote:
>
> I considered doing that earlier but wasn't sure if bypassing the
> logout handler was well advised. So just clearing the cookies
> containing "_shibsession_" would do the trick? I don't necessarily
> know all the cookies generated by the app and its collection of
> subpackages.
You may not clean the cookie solely based on the name. I will not
guarantee that the name will be the same, that¹s not a public API. If you
don't know the other cookies enough to know which are which, then no, that
would not work.
As far as what's advisable, if you don't care about freeing the session
from memory before it's kicked out by heuristics, then clearing the cookie
is enough to orphan the session.
-- Scott
More information about the users
mailing list