Alpha Software Mobile Development Tools:   Alpha Anywhere    |   Alpha TransForm subscribe to our YouTube Channel  Follow Us on LinkedIn  Follow Us on Twitter  Follow Us on Facebook
Devcon 2020 Goes Virtual! LEARN MORE >

Announcement

Collapse

The Alpha Software Forum Participation Guidelines

The Alpha Software Forum is a free forum created for Alpha Software Developer Community to ask for help, exchange ideas, and share solutions. Alpha Software strives to create an environment where all members of the community can feel safe to participate. In order to ensure the Alpha Software Forum is a place where all feel welcome, forum participants are expected to behave as follows:
  • Be professional in your conduct
  • Be kind to others
  • Be constructive when giving feedback
  • Be open to new ideas and suggestions
  • Stay on topic


Be sure all comments and threads you post are respectful. Posts that contain any of the following content will be considered a violation of your agreement as a member of the Alpha Software Forum Community and will be moderated:
  • Spam.
  • Vulgar language.
  • Quotes from private conversations without permission, including pricing and other sales related discussions.
  • Personal attacks, insults, or subtle put-downs.
  • Harassment, bullying, threatening, mocking, shaming, or deriding anyone.
  • Sexist, racist, homophobic, transphobic, ableist, or otherwise discriminatory jokes and language.
  • Sexually explicit or violent material, links, or language.
  • Pirated, hacked, or copyright-infringing material.
  • Encouraging of others to engage in the above behaviors.


If a thread or post is found to contain any of the content outlined above, a moderator may choose to take one of the following actions:
  • Remove the Post or Thread - the content is removed from the forum.
  • Place the User in Moderation - all posts and new threads must be approved by a moderator before they are posted.
  • Temporarily Ban the User - user is banned from forum for a period of time.
  • Permanently Ban the User - user is permanently banned from the forum.


Moderators may also rename posts and threads if they are too generic or do not property reflect the content.

Moderators may move threads if they have been posted in the incorrect forum.

Threads/Posts questioning specific moderator decisions or actions (such as "why was a user banned?") are not allowed and will be removed.

The owners of Alpha Software Corporation (Forum Owner) reserve the right to remove, edit, move, or close any thread for any reason; or ban any forum member without notice, reason, or explanation.

Community members are encouraged to click the "Report Post" icon in the lower left of a given post if they feel the post is in violation of the rules. This will alert the Moderators to take a look.

Alpha Software Corporation may amend the guidelines from time to time and may also vary the procedures it sets out where appropriate in a particular case. Your agreement to comply with the guidelines will be deemed agreement to any changes to it.



Bonus TIPS for Successful Posting

Try a Search First
It is highly recommended that a Search be done on your topic before posting, as many questions have been answered in prior posts. As with any search engine, the shorter the search term, the more "hits" will be returned, but the more specific the search term is, the greater the relevance of those "hits". Searching for "table" might well return every message on the board while "tablesum" would greatly restrict the number of messages returned.

When you do post
First, make sure you are posting your question in the correct forum. For example, if you post an issue regarding Desktop applications on the Mobile & Browser Applications board , not only will your question not be seen by the appropriate audience, it may also be removed or relocated.

The more detail you provide about your problem or question, the more likely someone is to understand your request and be able to help. A sample database with a minimum of records (and its support files, zipped together) will make it much easier to diagnose issues with your application. Screen shots of error messages are especially helpful.

When explaining how to reproduce your problem, please be as detailed as possible. Describe every step, click-by-click and keypress-by-keypress. Otherwise when others try to duplicate your problem, they may do something slightly different and end up with different results.

A note about attachments
You may only attach one file to each message. Attachment file size is limited to 2MB. If you need to include several files, you may do so by zipping them into a single archive.

If you forgot to attach your files to your post, please do NOT create a new thread. Instead, reply to your original message and attach the file there.

When attaching screen shots, it is best to attach an image file (.BMP, .JPG, .GIF, .PNG, etc.) or a zip file of several images, as opposed to a Word document containing the screen shots. Because Word documents are prone to viruses, many message board users will not open your Word file, therefore limiting their ability to help you.

Similarly, if you are uploading a zipped archive, you should simply create a .ZIP file and not a self-extracting .EXE as many users will not run your EXE file.
See more
See less

Session ID

Collapse
X
Collapse
 
  • Page of 1
  • Filter
  • Time
  • Show
Clear All
new posts
Previous template Next
    #1

    Session ID

    How do you cancel or destroy a session when the user closes out his browser? What I'm trying to prevent is if a user logs in and establishes a session and closes out the browser, another person could open up the browser within the session time and type in the URl and actually access the information from the previous user.
    Any ideas?
    Greg
    Tags: None
    #2
    Re: Session ID

    If you are using the Version 8 security, you can set the Login expiration policy to "expire when the user closes the browser"

    Comment

      #3
      Re: Session ID

      Jerry,
      I not useing that. I have a SQL database that has the UserID's. Is there a way to perform this if I'm not using the Alpha login method?

      Comment

        #4
        Re: Session ID

        I was about to post two ideas, but realized neither will fire just because the browser is closed. I'll list them anyway in case they spur on other ideas:

        1) use this javascript to flash an alert after x minutes of inactivity:

        Code:
        <script type="text/javascript">
	setTimeout( 'ShowTimeoutWarning();', 3300000 );
</script>

<script type="text/javascript">
function ShowTimeoutWarning ()
{
    window.alert("Your browser has been idle for 55 minutes. As a security precaution your session will end in five minutes. To continue, either refresh your browser or save your page. If your session has ended, you will have to log back in." );
}
</script>

<meta http-equiv=Content-type content="text/html; charset=unicode">

' above time is in miliseconds. 60,000= 1 minute. 3300000 = 55 minutes
        2) See Session.reset() in the Help. This function deletes all session variables (with some specific exceptions). You can also delete session variables with:

        delete session.myvar
        Steve Wood
        See my profile on IADN

        Comment

          #5
          Re: Session ID

          Thanks for the help.
          Here is what I ended up doing:

          <script type="text/javascript">
          <!--
          if (document.referrer == '')
          window.location = "https://secure.padmin.com/claimsentry/claim.a5w";
          //-->
          </script>

          So, if the user go to the screen without coming from a referrer I send them back to the logon screen.
          Works perfect.
          Now I just need to figure out if the person closed their browser, so I can end their session.
          Greg

          Comment

            #6
            Re: Session ID

            Greg, this approach is probably going to be problematic for you unless you have full control over the clients, as in a tightly controlled intranet setting. Without that control, there are two potential problems.

            1) JavaScript can be disabled in the browser, effectively bypassing your protection and allowing direct access.

            2) Privacy software, often part of personal firewalls like Norton and McAfee, typically blocks the referrer. These users will always appear to have not logged in even if they have.

            So to get back to your original question - there is no (reliable) way for you to end a session when the browser is closed. To accomplish what you want, you will have to either use the Security Framework's timeout options, or implement your own tracking using a cookie that automatically expires when the browser is closed.

            Lenny Forziati
            Vice President, Internet Products and Technical Services
            Alpha Software Corporation

            Comment

              #7
              Re: Session ID

              Lenny, if I turn on the V8 Security Framework, that disables the session time value in the config of WAS. Correct?
              Can I use the tracking cookie in WAS or do I need to use JS?
              Greg

              Comment

              Previous template Next
              Working...
              X