Member
DOkundaye - 7/25/2011 10:59:19 AM
   
Cross pollution on thin clients
Our current deployment is 5.5 R2 for a membership organisation.

We use web services to authenticate members against a 3rd party database. Upon authentication, the CMS database user table is updated with their unique details.

Recently, one of our members reported that after successful login, the details displayed to her belonged to someone else. Upon further investigation, I was able to ascertain that they worked for the same company. I checked the User table on the CMS database to see if the user's details had been overwritten. They were not.

We have eliminated them using the same computer but we do not know if the previous user logged out from their session. They use thin clients in their company.

Currently on log out, we clear the user session so that if the browser is closed down, you would need to relogin. However, this isn't true if only the tab is closed down.

Is there anything else I need to watch out for when our site is accessed from thin clients? My understanding of them is very limited. Are client sessions stored on the thin client server?

How can we avoid cross-pollution on thin clients?

Regards,

Derrick

Kentico Developer
kentico_ivanat - 7/26/2011 5:58:19 AM
   
RE:Cross pollution on thin clients
Hi,

could you please share the code you are using for log out? Or do you use standard FormsAuthentication?

Maybe if you add Session.Abandon() to your code, the issue will be fixed.

Best regards,
Ivana Tomanickova

Member
DOkundaye - 7/26/2011 8:25:58 AM
   
RE:Cross pollution on thin clients
Hi Ivana,

Here is the code that is being run:
    protected void btnSignOut_Click(object sender, EventArgs e)
    {
        if (this.StopProcessing)
        {
            // Do not process
        }
        else
        {
            if (CMSContext.CurrentUser.IsAuthenticated())
            {
                FormsAuthentication.SignOut();
                CMSContext.ClearShoppingCart();

                string redirectUrl = this.RedirectToUrl;

                // If the user has registered Windows Live ID
                if (!String.IsNullOrEmpty(CMSContext.CurrentUser.UserSettings.WindowsLiveID))
                {
                    // Get data from auth cookie
                    string[] userData = UserInfoProvider.GetUserDataFromAuthCookie();

                    // If user has logged in using Windows Live ID, then sign him out from Live too
                    if ((userData != null) && (Array.IndexOf(userData, "liveidlogin") >= 0))
                    {
                        string siteName = CMSContext.CurrentSiteName;

                        // Get LiveID settings
                        string appId = SettingsKeyProvider.GetStringValue(siteName + ".CMSApplicationID");
                        string secret = SettingsKeyProvider.GetStringValue(siteName + ".CMSApplicationSecret");
                        string algorithm = SettingsKeyProvider.GetStringValue(siteName + ".CMSsecurityAlgorithm");

                        // Check valid Windows LiveID parameters
                        if ((appId != string.Empty) && (secret != string.Empty) && (algorithm != string.Empty))
                        {
                            WindowsLiveLogin wll = new WindowsLiveLogin(appId, secret, algorithm);

                            if (Session != null)
                            {
                                // Store info about logout request, for validation logout request
                                Session["liveidlogout"] = DateTime.Now;
                            }

                            // Redirect to Windows Live
                            redirectUrl = wll.GetLogoutUrl();
                        }
                    }
                }

                CMSContext.CurrentUser = null;

                Response.Cache.SetNoStore();
                UrlHelper.Redirect(redirectUrl);
            }
            else
            {
                string returnUrl = null;
                string signInUrl = null;

                if (this.SignInUrl != "")
                {
                    signInUrl = ResolveUrl(CMSContext.GetUrl(this.SignInUrl));
                }
                else
                {
                    signInUrl = SettingsKeyProvider.GetStringValue(CMSContext.CurrentSiteName + ".CMSSecuredAreasLogonPage");
                }

                if (this.ReturnPath != "")
                {
                    returnUrl = ResolveUrl(CMSContext.GetUrl(this.ReturnPath));
                }
                else
                {
                    returnUrl = UrlHelper.CurrentURL;
                }

                if (signInUrl != "")
                {
                    UrlHelper.Redirect(UrlHelper.AddParameterToUrl(signInUrl, "returnurl", returnUrl));
                }
            }
        }
    }


Where would Session.Abandon() sit?

Regards,
Derrick

Kentico Developer
kentico_ivanat - 7/27/2011 5:48:58 AM
   
RE:Cross pollution on thin clients
Hi,

could you please insert the line (Session.Abandon()) in front of the lines with UrlHelper.Redirect()? If that does not help, could you please describe exactly how users are authorized?

Thank you for the information.

Best regards,
Ivana Tomanickova
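
The sign-out change suggested in the reply above, written out as an added example; it is not code from the thread or from Kentico. `SignOutHelper` and `EndUserSession` are hypothetical names, and the session cookie name is assumed to be the ASP.NET default. It goes one step beyond the suggestion by also expiring the session ID cookie, because `Session.Abandon()` alone leaves that cookie in the browser.

```csharp
using System;
using System.Web;
using System.Web.Security;

public static class SignOutHelper
{
    // Assumption: <sessionState> in web.config keeps the default cookie name.
    private const string SessionCookieName = "ASP.NET_SessionId";

    // Hypothetical helper: call it in place of the bare
    // FormsAuthentication.SignOut() call, before UrlHelper.Redirect().
    public static void EndUserSession(HttpContext context)
    {
        if (context == null)
        {
            throw new ArgumentNullException("context");
        }

        // Remove the forms authentication ticket cookie.
        FormsAuthentication.SignOut();

        if (context.Session != null)
        {
            // Drop per-user values now; the session itself is destroyed
            // when the current request ends.
            context.Session.Clear();
            context.Session.Abandon();
        }

        // Abandon() does not remove the session ID cookie, so the next
        // person using the same browser profile would start a new session
        // under the old ID. Expire the cookie so a fresh ID is issued.
        HttpCookie expired = new HttpCookie(SessionCookieName, string.Empty);
        expired.Path = "/";
        expired.HttpOnly = true;
        expired.Expires = DateTime.UtcNow.AddYears(-1);
        context.Response.Cookies.Add(expired);
    }
}
```

In the posted handler, `Session["liveidlogout"]` is written just before the redirect; a value stored in a session that is then abandoned does not survive the request, so the Windows Live ID branch needs to be checked separately if the session is abandoned there.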