Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

jsConnect/SSO - How to invalidate session?

Hey all,

I am using jsConnect and the Auto-signin/out plugin to integrate with my existing website. The issue is that on my existing website, if the users session expires after 2 hours, that user is STILL showing as logged into the Vanilla Forums. What can I do to solve this? How can I make jsConnect authenticate on every request to make sure things stay in-sync?

Comments

  • LincLinc Detroit Admin

    Vanilla does not currently have a proper session to invalidate. Limiting your cookie validation window to a shorter timeframe would be one way to accomplish something similar. Generally, you don't want SSO validating on every request as that would become tremendously expensive.

  • That seems like an important piece that is missing in jsConnect/Vanilla that there is not a method to keep the sessions in-sync. Thanks for your comments though

Sign In or Register to comment.