Qlik Community

QlikView Security & Governance

Discussion Board for collaboration on QlikView Security and Governance.

Employee
Employee

Signout button & timeout

I'm helping a group that is doing an extranet single sign application using header injection on an IIS webserver.

They are looking for 2 things - a method to ensure a logout after a timeout period, and a 'signout' button that would force the user off.


I read about a sign - out extension object at one point but can't seem to locate it... anyone know where to find it and if it's likely to help? Other pointers? 

Tags (3)
1 Solution

Accepted Solutions
Employee
Employee

Re: Signout button & timeout

After additional research here is what I discovered:

  1. The logout button: if QV is in an iFrame, what if you have a  log out button in the parent html page, and when the user logs out or timeout hits on that page, have code that deletes the AccessPoint session cookie and sends you back to reauthenticate?
  2. Reopening closed windows: "TerminateSession" is an extension that can automatically kill the session without user interaction when the browser or browser tab is closed. This way no one else can reopen a closed browser window and be right back in the session. This leverages a supported API call: http://community.qlik.com/docs/DOC-2853
4 Replies
sujeetsingh
Honored Contributor III

Re: Signout button & timeout

Daniel i think you need expert coding skilss to implement it through macro codes in VBScript of JavaScript

Employee
Employee

Re: Signout button & timeout

I would say that this is in some sense outside of QlikView.

Using header authentication you will inject the username of the user in every request. If you stop injecting the header the user is logged out.

So if these capabilities are build into the component that you use to inject the header i.e. a reverse proxy or a code component of IIS then you should be able to support the behaviour you are looking for.

Employee
Employee

Re: Signout button & timeout

After additional research here is what I discovered:

  1. The logout button: if QV is in an iFrame, what if you have a  log out button in the parent html page, and when the user logs out or timeout hits on that page, have code that deletes the AccessPoint session cookie and sends you back to reauthenticate?
  2. Reopening closed windows: "TerminateSession" is an extension that can automatically kill the session without user interaction when the browser or browser tab is closed. This way no one else can reopen a closed browser window and be right back in the session. This leverages a supported API call: http://community.qlik.com/docs/DOC-2853
Employee
Employee

Re: Signout button & timeout

Daniel,

Did you ever get the logout button working? I don't think you can delete the AccessPoint session cookie as it is set to htmlonly to prevent deletion by JavaScript.

Community Browser