Do not input private or sensitive data. View Qlik Privacy & Cookie Policy.
Skip to main content

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements
Qlik Connect 2026! Turn data into bold moves, April 13 -15: Learn More!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Daniel_Moore
Former Employee
Former Employee
‎2014-06-18 10:22 PM

Signout button & timeout

I'm helping a group that is doing an extranet single sign application using header injection on an IIS webserver.

They are looking for 2 things - a method to ensure a logout after a timeout period, and a 'signout' button that would force the user off.


I read about a sign - out extension object at one point but can't seem to locate it... anyone know where to find it and if it's likely to help? Other pointers? 

3,506 Views
0 Likes
1 Solution

Accepted Solutions
Daniel_Moore
Former Employee
Former Employee
‎2014-06-19 09:36 PM
Author

After additional research here is what I discovered:

  1. The logout button: if QV is in an iFrame, what if you have a  log out button in the parent html page, and when the user logs out or timeout hits on that page, have code that deletes the AccessPoint session cookie and sends you back to reauthenticate?
  2. Reopening closed windows: "TerminateSession" is an extension that can automatically kill the session without user interaction when the browser or browser tab is closed. This way no one else can reopen a closed browser window and be right back in the session. This leverages a supported API call: http://community.qlik.com/docs/DOC-2853

View solution in original post

1,957 Views
0 Likes
4 Replies
sujeetsingh
Master III
Master III
‎2014-06-19 01:48 AM

Daniel i think you need expert coding skilss to implement it through macro codes in VBScript of JavaScript

1,957 Views
0 Likes
Fredrik_Lautrup
Employee
Employee
‎2014-06-19 02:39 AM

I would say that this is in some sense outside of QlikView.

Using header authentication you will inject the username of the user in every request. If you stop injecting the header the user is logged out.

So if these capabilities are build into the component that you use to inject the header i.e. a reverse proxy or a code component of IIS then you should be able to support the behaviour you are looking for.

1,957 Views
Daniel_Moore
Former Employee
Former Employee
‎2014-06-19 09:36 PM
Author

After additional research here is what I discovered:

  1. The logout button: if QV is in an iFrame, what if you have a  log out button in the parent html page, and when the user logs out or timeout hits on that page, have code that deletes the AccessPoint session cookie and sends you back to reauthenticate?
  2. Reopening closed windows: "TerminateSession" is an extension that can automatically kill the session without user interaction when the browser or browser tab is closed. This way no one else can reopen a closed browser window and be right back in the session. This leverages a supported API call: http://community.qlik.com/docs/DOC-2853
1,958 Views
0 Likes
mnu
Employee
Employee
‎2015-08-02 01:54 AM

In response to Daniel_Moore

Daniel,

Did you ever get the logout button working? I don't think you can delete the AccessPoint session cookie as it is set to htmlonly to prevent deletion by JavaScript.

1,957 Views
0 Likes