4 Replies Latest reply: Aug 2, 2015 1:54 AM by Matt Nunn RSS

    Signout button & timeout

    Daniel Moore

      I'm helping a group that is doing an extranet single sign application using header injection on an IIS webserver.

       

      They are looking for 2 things - a method to ensure a logout after a timeout period, and a 'signout' button that would force the user off.


      I read about a sign - out extension object at one point but can't seem to locate it... anyone know where to find it and if it's likely to help? Other pointers? 

        • Re: Signout button & timeout
          sujeet singh

          Daniel i think you need expert coding skilss to implement it through macro codes in VBScript of JavaScript

          • Re: Signout button & timeout
            Fredrik Lautrup

            I would say that this is in some sense outside of QlikView.

             

            Using header authentication you will inject the username of the user in every request. If you stop injecting the header the user is logged out.

             

            So if these capabilities are build into the component that you use to inject the header i.e. a reverse proxy or a code component of IIS then you should be able to support the behaviour you are looking for.

            • Re: Signout button & timeout
              Daniel Moore

              After additional research here is what I discovered:

              1. The logout button: if QV is in an iFrame, what if you have a  log out button in the parent html page, and when the user logs out or timeout hits on that page, have code that deletes the AccessPoint session cookie and sends you back to reauthenticate?
              2. Reopening closed windows: "TerminateSession" is an extension that can automatically kill the session without user interaction when the browser or browser tab is closed. This way no one else can reopen a closed browser window and be right back in the session. This leverages a supported API call: http://community.qlik.com/docs/DOC-2853