Is Previous Session Clean-Up Possible?

Dec 8, 2009 at 9:13 PM

We've successfully implemented the St. John's solution, and just announced our Live Mail accounts.  Almost immediately a concerned was reported that I'm trying to correct.  It seems that when you go to outlook.com and login, and then don't log-out (just close the window instead), the session remains open and the next student to use a public computer is presented the previous students email.  Although we promote access only through our Luminis portal, the problem is the same.  If the previous student doesn't logout properly, the next student to use the same computer is presented the previous student's email when clicking on the LiveMail icon in Luminis.  I was hoping someone else had noticed this, and enhanced the solution with some session cleanup. Unfortunately, I'm not a programmer and wouldn't know where to start.

Thanks if someone can share a solution.

C Emmons

Jun 23, 2010 at 7:51 PM

We are looking at the exact same problem.  Anybody have any fixes for this?

Jul 26, 2010 at 9:20 PM

I am at this point as well.  I can trust about 99.8% of our student users to just "close the window," thereby insuring that this will definitely happen if we put this out to Production as it is.

If anyone has developed a plan of attack for this, we sorely need assistance.

 

Thanks,

David

Jul 26, 2010 at 9:35 PM

We still don’t have a solution either – be interested if anyone finds one.

From: dfontenot [mailto:notifications@codeplex.com]
Sent: Monday, July 26, 2010 4:21 PM
To: Emmons, Crystal
Subject: Re: Is Previous Session Clean-Up Possible? [LuminisLiveSSO:77523]

From: dfontenot

I am at this point as well. I can trust about 99.8% of our student users to just "close the window," thereby insuring that this will definitely happen if we put this out to Production as it is.

If anyone has developed a plan of attack for this, we sorely need assistance.

Thanks,

David

Read the full discussion online.

To add a post to this discussion, reply to this email (LuminisLiveSSO@discussions.codeplex.com)

To start a new discussion for this project, email LuminisLiveSSO@discussions.codeplex.com

You are receiving this email because you subscribed to this discussion on CodePlex. You can unsubscribe or change your settings on codePlex.com.

Please note: Images and attachments will be removed from emails. Any posts to this discussion will also be available online at codeplex.com

Oct 4, 2010 at 5:48 PM

We have the same issue.  I cannot count on users signing off.  Has anyone found a solution?

Oct 18, 2010 at 3:10 PM

I received this url from Microsoft:

https://login.live.com/logout.srf

The tech said to send the active user ID to the same SSO process but with this url, and it should log out the user from ALL Live Services, so it wouldn't matter if they were on their Sky Drive, email or whatever.

I've tried various javascript methods to set up a "trigger" to fire this "redirection," by trying to force a location.href change on the open email window (because I think relocating the window of the logged-in user to the logout url will work and eliminate the need to re-send the ID and url through the SSO coding).

I've seen some indications that my theory might be correct when the javascript I ran didn't perform right, but wound up redirecting the open Luminis page.  When that occurred, I tried logging in as a different user, and I got that user's Live email rather than the previous user.  Since a regular Luminis logout doesn't produce this result, I believe it was the re-direction of the url with the logged-in user ID that did the trick.

The problem I'm running into with this approach is to find an effective way to trigger the url re-direction if a user clicks the Luminis Logout button (and hopefully the Luminis session timeout utilizes similarly accessible sources, but I haven't gotten that far yet).  A response from Luminis Support confirmed that the logout is directed from the logout.jsp file, but I can't get something set up that will fire the trigger for a number of reasons:

1. The "name" of the window starts out as "mua" or "ema" (see "nested-tables.xsl" in the $CP_ROOT/WEB-INF/uPortal/org/jasig/portal/layout/tab-column/nested-tables directory), but after the numerous redirections involved in logging in to Live services, it's possible the name is lost or changed, OR I just haven't found a script to search for an already-open window by "name" that actually works.

2. Trying to find the window by "location" resulted in similar results.

3.  The action of the Logout button is simply too fast for the javascript processes to fire and process the desired action (I'm pursuing the opening of a new, non-focused window that pulls the logged-in user with the iPerson object, then redirects with that ID to the logout url). Placing the javascript in an "onUnload" process simply responds too slowly.  Although IE has an "onBeforeUnload" event, it's the only browser that recognizes it, and it fires when there's any change in the window including a closing window, redirect to another url, etc.

I welcome any other suggestions as my whole approach here may be seriously off.

 

 

David