Forum OpenACS Q&A: Re: How to expire session on the server side?

Posted by Dave Bauer on
I think it makes more sense to invalidate the cookies on the server side; this will ensure ALL cookies, no matter where they are stored, are invalid. This requires that whatever token is compared on the server is invalidated, so the next time the cookie is used it is invalid.

This is already how expiring sessions work, so it should not be difficult to make sure the existing cookie handling code does this.

Torben, I am not aware of any large project requesting this. Can you explain further?
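
An added illustration of the server-side invalidation described in the post above; it is not OpenACS code and not part of the original thread. The cookie layout, the in-memory `SESSIONS` store and all function names are assumptions made for the example.

```python
import hashlib
import hmac
import secrets
import time

SERVER_KEY = secrets.token_bytes(32)  # constructed signing key for this demo
SESSIONS = {}  # assumed store: session_id -> {"user", "token", "expires"}

def _sign(session_id, token):
    msg = f"{session_id}:{token}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()

def login(user, ttl=3600, now=None):
    """Create the server-side record and return the cookie value for it."""
    now = time.time() if now is None else now
    session_id = secrets.token_hex(8)
    token = secrets.token_hex(16)
    SESSIONS[session_id] = {"user": user, "token": token, "expires": now + ttl}
    return f"{session_id}:{token}:{_sign(session_id, token)}"

def validate(cookie, now=None):
    """Return the user for a valid cookie, else None."""
    now = time.time() if now is None else now
    try:
        session_id, token, sig = cookie.split(":")
    except ValueError:
        return None  # malformed cookie
    if not hmac.compare_digest(sig.encode(), _sign(session_id, token).encode()):
        return None  # forged or tampered cookie
    record = SESSIONS.get(session_id)
    if record is None or now >= record["expires"]:
        return None  # invalidated or timed out on the server
    if not hmac.compare_digest(token.encode(), record["token"].encode()):
        return None  # token no longer matches the server's copy
    return record["user"]

def invalidate(cookie):
    """Server-side logout: drop the record the cookie's token is compared to.

    Every copy of the cookie, wherever it is stored, fails validate() afterwards.
    """
    session_id = cookie.split(":")[0]
    return SESSIONS.pop(session_id, None) is not None
```

The signature alone stays valid forever, which is why the check against the server-side record is what makes logout and timeout effective.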