Forum OpenACS Q&A: Re: Invalidate all session and login cookies

Posted by Michael Aram on

Thank you both for your answers.

Brian, your appealing approach does not work, unfortunately, at least not in our case.

Now, we would add the following snippet to acs-tcl/security-procs.tcl at line 130:

http://cvs.openacs.org/browse/OpenACS/openacs-4/packages/acs-tcl/tcl/security-procs.tcl?u=3&r=1.90#to130

       # essentially "now" now plus kernel parameter session_renew_time
       set hardcoded_constant_timestamp 123456789
       if {$session_last_renew_time < $hardcoded_constant_timestamp} {
           ad_user_logout
           sec_login_handler
           return
       }

Any final comments? 😊