Skip to main content
Announcements
Have questions about Qlik Connect? Join us live on April 10th, at 11 AM ET: SIGN UP NOW
cancel
Showing results for 
Search instead for 
Did you mean: 
Daniel_Moore
Former Employee
Former Employee

Signout button & timeout

I'm helping a group that is doing an extranet single sign application using header injection on an IIS webserver.

They are looking for 2 things - a method to ensure a logout after a timeout period, and a 'signout' button that would force the user off.


I read about a sign - out extension object at one point but can't seem to locate it... anyone know where to find it and if it's likely to help? Other pointers? 

1 Solution

Accepted Solutions
Daniel_Moore
Former Employee
Former Employee
Author

After additional research here is what I discovered:

  1. The logout button: if QV is in an iFrame, what if you have a  log out button in the parent html page, and when the user logs out or timeout hits on that page, have code that deletes the AccessPoint session cookie and sends you back to reauthenticate?
  2. Reopening closed windows: "TerminateSession" is an extension that can automatically kill the session without user interaction when the browser or browser tab is closed. This way no one else can reopen a closed browser window and be right back in the session. This leverages a supported API call: http://community.qlik.com/docs/DOC-2853

View solution in original post

4 Replies
sujeetsingh
Master III
Master III

Daniel i think you need expert coding skilss to implement it through macro codes in VBScript of JavaScript

Fredrik_Lautrup
Employee
Employee

I would say that this is in some sense outside of QlikView.

Using header authentication you will inject the username of the user in every request. If you stop injecting the header the user is logged out.

So if these capabilities are build into the component that you use to inject the header i.e. a reverse proxy or a code component of IIS then you should be able to support the behaviour you are looking for.

Daniel_Moore
Former Employee
Former Employee
Author

After additional research here is what I discovered:

  1. The logout button: if QV is in an iFrame, what if you have a  log out button in the parent html page, and when the user logs out or timeout hits on that page, have code that deletes the AccessPoint session cookie and sends you back to reauthenticate?
  2. Reopening closed windows: "TerminateSession" is an extension that can automatically kill the session without user interaction when the browser or browser tab is closed. This way no one else can reopen a closed browser window and be right back in the session. This leverages a supported API call: http://community.qlik.com/docs/DOC-2853
mnu
Employee
Employee

Daniel,

Did you ever get the logout button working? I don't think you can delete the AccessPoint session cookie as it is set to htmlonly to prevent deletion by JavaScript.