Discussion Board for collaboration on QlikView Security and Governance.
We use QlikView embedded to our software site and authentication is done by our software. User session is given a WebTicket that opens the document for the user with OpenDoc.htm.
If the user logs out of our software, but then types in the OpenDoc.htm URL that was used to retrieve the document to the site, they are still able to open the document (https://domain.address.com/QvAJAXZfc/opendoc.htm?document=DocumentName.qvw&host=QVS%40qvtest11 for example) This is a small security issue we try to remove.
Is there an API command we could use that would end the session completely? Has someone build a similar solution?
This is an issue with IE remembering the users login information. If the user closes IE then the ticket is also closed and the user can't get to the URL without getting a new ticket.