So I found that the behavior of Caspio's Authentication is that it will not log a user out once they logged in to any of your DataPages unless the session expires or they logged out on their own (through the logout link). Even if I delete/disable the user's record in my database, it still allows them to access the DataPages as long as they prevent the page from being idle. I asked support if there is any settings that I can enable to force deleted users to log their sessions out but they didn't have the feature so I came up with this solution:
I just need to put this in any one DataPage that I have on each of my web page to make sure that they get logged out as soon as the page refreshes.
- First, add a Virtual Calculated Value field and use a SELECT query to check if the user's record is still existing. If not, the virtual field will return NULL. (By this time I think you know where this is going)
Something like this:
- Next, in the Footer, put this code in and just edit if you have a different virtual field number and your own Account ID for the folder logout:
<script type="text/javascript">
document.addEventListener('DataPageReady', function (event) {
if (calcField == '')
{
window.location.href="https://PUTYOURACCOUNTIDHERE.caspio.com/folderlogout";
}
}
});
</script>
I basically am forcing them to redirect to the logout link when it (the virtual field) detects that their account doesn't exist anymore in the View/Table source of the Authentication. And yes, if you are wondering why I didn't use the [@authfield: fieldname] instead, it's because it doesn't get updated like the SELECT statement. Take note that authentication is based on your browser's cache and it keeps the last used credentials until the session expires and it gets cleared.
While this doesn't work proactively and only fires when the user either reloads or did any action on the DataPage that made it refresh, I think its better than giving the user access to the DataPage until they decide to go idle and make the session expire or until they decide to log themselves out specially if you are trying to make your data secure from bad actors.
Hoping anyone finds this useful! Happy New Year everyone!
You can post now and register later.
If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.
Question
Tubby
So I found that the behavior of Caspio's Authentication is that it will not log a user out once they logged in to any of your DataPages unless the session expires or they logged out on their own (through the logout link). Even if I delete/disable the user's record in my database, it still allows them to access the DataPages as long as they prevent the page from being idle. I asked support if there is any settings that I can enable to force deleted users to log their sessions out but they didn't have the feature so I came up with this solution:
I just need to put this in any one DataPage that I have on each of my web page to make sure that they get logged out as soon as the page refreshes.
- First, add a Virtual Calculated Value field and use a SELECT query to check if the user's record is still existing. If not, the virtual field will return NULL. (By this time I think you know where this is going)
Something like this:
- Next, in the Footer, put this code in and just edit if you have a different virtual field number and your own Account ID for the folder logout:
<script type="text/javascript">
document.addEventListener('DataPageReady', function (event) {
document.querySelector('input[id*="cbParamVirtual1"]').addEventListener("change", myFunction);
function myFunction(event) {
let calcField = event.target.value;
if (calcField == '')
{
window.location.href="https://PUTYOURACCOUNTIDHERE.caspio.com/folderlogout";
}
}
});
</script>
I basically am forcing them to redirect to the logout link when it (the virtual field) detects that their account doesn't exist anymore in the View/Table source of the Authentication. And yes, if you are wondering why I didn't use the [@authfield: fieldname] instead, it's because it doesn't get updated like the SELECT statement. Take note that authentication is based on your browser's cache and it keeps the last used credentials until the session expires and it gets cleared.
While this doesn't work proactively and only fires when the user either reloads or did any action on the DataPage that made it refresh, I think its better than giving the user access to the DataPage until they decide to go idle and make the session expire or until they decide to log themselves out specially if you are trying to make your data secure from bad actors.
Hoping anyone finds this useful! Happy New Year everyone!
Link to comment
Share on other sites
0 answers to this question
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.