SessionScope not reset on login / logout?

Hey everybody, I got the following problem to submit to you all:

It seems the sessionScope object is not reset on user login / logout.

Whether I do a complete refresh of the whole XPage or not doesn't change anything about this behaviour.

Is this the way it is meant to work? I thought sessionScope was related to userSession. From what I see, it seems more related to the opening of the application in a browser.

I may be wrong, but this looks like a serious bug to me.

The XPage app I work on relies heavily on the sessionScope object to store values like tags cloud status, categories cloud status, and so on. We need sessionScope cleared on login/logout.

This problem is the same whether I give anonymous access to my db or not.

I tried to call sessionScope.clear() on login as a workaround, but it doesn't work. I get a server error saying there is no such function.

Help would be much appreciated. This looks like a security hole to me.

Thanks.

Luc.

Subject: Set sessionScope variable to null on logout

Solved similar issue by adding this code to the logout link:

sessionScope.myVar = null;

A before page load event checks for this sessionScope variable on a custom component that is part of every XPage:

if (!sessionScope.contains("myVar")) {

}

Of course, your server needs to be configured for session authentication, for the logout to work.
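
The workaround above only takes effect when the logout link is actually clicked. As an added example (not part of the original thread, and going one step beyond it), this plain JavaScript model records which user owns the scope and wipes it on any request where the authenticated user has changed. The Map standing in for sessionScope, the OWNER_KEY name and the user names are assumptions made for illustration.

```javascript
// Added example: plain JavaScript model, not XPages code from the thread.
// `scope` is a Map standing in for sessionScope; OWNER_KEY is a hypothetical name.
const OWNER_KEY = "__scopeOwner";
const ANONYMOUS = "Anonymous";

// Call at the start of every request (the thread uses a before-page-load
// event on a component shared by all pages). Returns true if an earlier
// owner's state was wiped because the authenticated user changed.
function bindScopeToUser(scope, currentUser) {
  const user = currentUser || ANONYMOUS;
  const owner = scope.get(OWNER_KEY);
  if (owner === user) {
    return false; // same user as the previous request: keep state
  }
  // First request, login, logout, or user switch: drop every key one by
  // one, so nothing depends on a bulk clear() being available.
  for (const key of Array.from(scope.keys())) {
    scope.delete(key);
  }
  scope.set(OWNER_KEY, user);
  return owner !== undefined;
}

// Constructed walk-through of the sequence reported in the thread.
function demo() {
  const scope = new Map(); // one browser session
  bindScopeToUser(scope, "CN=Alice/O=Example");
  scope.set("tagCloudStatus", "expanded");
  bindScopeToUser(scope, "CN=Alice/O=Example"); // next page, same user
  const keptForSameUser = scope.get("tagCloudStatus");
  bindScopeToUser(scope, null); // after logout, now anonymous
  const afterLogout = scope.has("tagCloudStatus");
  bindScopeToUser(scope, "CN=Bob/O=Example"); // a different user logs in
  return { keptForSameUser, afterLogout, owner: scope.get(OWNER_KEY) };
}
```
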

Subject: Same here

I am also getting this problem. This has to be a bug surely?

Subject: Same here…

Firefox and IE7…

I set a sessionScope variable no problem.

Logout …nsf?logout

I have to authenticate to access db again.

sessionScope variable is still set.

Maybe we are not doing this right?

Anybody know?