Sippo Laisaari suppressed wrote:
>
> I am building a Finnish web shop, and when done, I contribute the
> admin translation to you. (there is a lot of stuff, and might take some time)
> It always time to Finnish. :-)
>
> How to invalidate user session when user presses logout button?
> Now it nicely tells that user has logged out, but still all user
> information is still there and can be modified pressing Services button.
>
> Also a session must be invalidated after non registered user checkout.
> Now the Service button allows to modify the dummy profile. The point is:
> Client has no idea what the dummy userid / password is, but still
> the information is there after checkout.
>

There's no need to 'invalidate' the session. You can clear the user's
session variables by adding a clear=1 parameter to the [userdb logout]
tag. The session can be safely reused once the user has logged out.

>
> This is also a security matter, you can shop using a public terminal and
> after you the next user can see all your stuff if he/she is clever enough
> and also could order some extra stuff to you :-(
>

Well, they could but they'd have to use their own credit card as that
information is not stored in the session at all.

--
Kevin Walsh