Posté le 22 juin 2022 - 12:49 |
Hi...
I have a routine where a make a reset of all the variables of the session, and then redirect to the login Page.
PROCEDURE limparVariaveis()
IF gstUtilizador.gsessionid <> -1 THEN
HReadSeek(Security_SessionsWeb,UserId,gstUtilizador.gsUserid)
HDelete(Security_SessionsWeb)
VariableReset(gstUtilizador)
VariableReset(gsMenu)
ContextClose(PAGE_LoginU)
//APAGAR A SESSAO DA BD
RESULT 1
ELSE
RESULT -1
END
But after the redirect, the page indeed goes to the login page, but the url stays equal to the last page where i did de logout.
If i click the "enter", the browser goes to the page in the url, without doing the login....
In each page, i have i procedure to check, if the user as the right to acess the page,
PROCEDURE PRC_VALIDA_USER()
//VERIFICAR SE O USER TEM SESSAO INICIADA COM SUCESSO. PARA ISSO TEMOS QUE VALIDAR A TABELA SessionWeb
sEarchkey is string
sEarchkey = HFilter(Security_SessionsWeb,"UserId='" + gstUtilizador.gsUserid + "' and SessionId='" + gstUtilizador.gsessionid + "'")
HReadFirst(Security_SessionsWeb,sEarchkey)
IF HFound() = False THEN
//redireccionar para a pagina de login terminar programa
EDT_Aux="-1"
gsMensagemerroglobal ="Não tem sessao inicida no sistema"
PageDisplay(PAGE_LoginU)
RESULT -1 //sem token associado
END
//nesta fase o user tem sessao iniciada, podemos consultar as variaveis globais do user e validar
//1- validar se excedeu o timeout, caso tenho, informar e enviar para login, caso contrário atualizamos o timestamp na tabela Security_sessionWeb
HReadFirst(Security_SessionWebTimeout)
//sMyDuration is string
tempoactual is string = SysDateTime()
//sMyDuration = DateTimeDifference(left(tempoactual,14), (left(Security_SessionsWeb.Timestamp,14)))
nMinutosInicioSessao is int = Val(Middle(Security_SessionsWeb.Timestamp,9,2)) * 60 + Val(Middle(Security_SessionsWeb.Timestamp,11,2))
nMinutosActual is int = Val(Middle(tempoactual,9,2)) * 60 + Val(Middle(tempoactual,11,2))
timeout is int = Val(Security_SessionWebTimeout.timeout) / 60
sIf1 is string = Left(tempoactual,
sIf2 is string = Left(Security_SessionsWeb.Timestamp,
//assumimos q o timeout nc sera superior a 24h.
IF Left(tempoactual, = Left(Security_SessionsWeb.Timestamp, AND (nMinutosActual-nMinutosInicioSessao < timeout )THEN
Security_SessionsWeb.Timestamp = DateSys() + TimeSys()
HModify(Security_SessionsWeb)
ELSE
//timeoutexcido
EDT_Aux="-2"
gsMensagemerroglobal = "A sua sessao excedeu o tempo máximo permitido. Faça novamente login"
HDelete(Security_SessionsWeb)
PageDisplay(PAGE_LoginU)
RESULT -2 //tmeoutexecedido
END |
| |
| |
|