We use QlikView embedded to our software site and authentication is done by our software. User session is given a WebTicket that opens the document for the user with OpenDoc.htm.
If the user logs out of our software, but then types in the OpenDoc.htm URL that was used to retrieve the document to the site, they are still able to open the document (https://domain.address.com/QvAJAXZfc/opendoc.htm?document=DocumentName.qvw&host=QVS%40qvtest11 for example) This is a small security issue we try to remove.
Is there an API command we could use that would end the session completely? Has someone build a similar solution?