Start a new topic

How to not store the logged user session?

According to the [guide]( "guide") logged user is automatically remembered on a given computer. This is obviously not always desirable and login pages usually ask the user whether he wants to be remembered on a computer.

How do I turn off the storing of user session? I could not find anything relevant in the guide.


@daniel_sedlacek‌ -- Can you give me an idea what the use case for this is? In general you can call the logout command to forget a user's session. You can set a timeout for a user session, but we don't directly support the ability to drop the session completely.

The use case is that on a public/untrusted computer you don't want your session to be remembered and if you opt out the server will not drop persistent cookie, so that when you close the browser you are not logged in any more. (You should not relay on the user always correctly logging off.)

Actually the guide does not say if you use persistent cookies at all or just session cookies. (I have just realised the browser is not considered closed when it goes to sleep, maybe that is why I experience being constantly logged in.)

Anyway, how do you set the timeout for user session? Something like passing a _kmd object with a maxAge setting to the login method?

@daniel_sedlacek‌ ,

Exactly right, you just set a max age, if it's greater than that age, invoke the logout() function.

Happy developing!
Login or Signup to post a comment