[sinaou]

Hello,
I designed and developed a new interface for processmaker and use REST API (grant code) for exchanging data from processmaker server with endpoints, every thing works correctly except logout, when user logs out of system and another user wants to log in system, the information of previous user is shown, my strategy in logout is removing cash and cookies and session and unset access_token and refresh_token as follows:

<?php
if (! empty($_GET['error'])) {
print_r($_GET);
die();
}
// Assuming $token contains the token to be invalidated

$data = json_decode(file_get_contents("app-data.json"), true);

// Remove the token from the data array
unset($data['access_token']);
unset($data['refresh_token']);

// Save the updated data back to the file
file_put_contents("app-data.json", json_encode($data));


header("location: access.php");
session_start();
$_SESSION = array();
if(ini_get("session.use_cookies")){
$params =
session_get_cookie_params();
setcookie(session_name(),'',time()-42000,$params["path"],$params["domain"],$params["secure"],$params["httponly"]);
}
session_destroy();

setcookie("PHPSESSID", "", time() - 86400, "/");
setcookie("PM-TabPrimary", "", time() - 86400, "/");
setcookie("PM-Warning", "", time() - 86400, "/");
setcookie("pm_sys_sys", "", time() - 86400, "/");
setcookie("singleSignOn", "", time() - 86400, "/");
setcookie("workspaceSkin", "", time() - 86400, "/");
setcookie("ys-casesGrid", "", time() - 86400, "/");
setcookie("ys-workflowdraftcasesGrid", "", time() - 86400, "/");

ini_set('session.gc_max_lifetime', 0);
ini_set('session.gc_probability', 1);
ini_set('session.gc_divisor', 1);
clearstatcache();

// Clear the file status cache and the realpath cache for all files
// Disable caching of the current document:
header('Expires: Mon, 26 Jul 1997 05:00:00 GMT');
header('Cache-Control: no-store, no-cache, must-revalidate');
header('Cache-Control: post-check=0, pre-check=0', FALSE);
header('Pragma: no-cache');

// Clear site data for the current origin:
header('Clear-Site-Data: "cache", "cookies", "storage", "executionContexts"');
session_start();
session_unset();
session_destroy();


ini_set('session.gc_max_lifetime', 0);
ini_set('session.gc_probability', 1);
ini_set('session.gc_divisor', 1);
?>

- what can I do to logout works correctly?
Thank you so much.

[animeshshrestha2021]

Hi,

Which application have you provided the code for? is it the Processmaker core? or your custom application that uses processmaker apis?

Is your requirement logging out from the Processmaker Core at the moment you logout from your own custom application? Can you also provide the specific version of Processmaker that you are using? Also can you provide some additional information on how we can replicate the same?

Hope i am clear on the questions.

[sinaou]

Hi, thank you for your response,
we built a custom interface and application that uses process maker rest api for populating data ,
but for logging out of our interface and application, there are some problems:
1- when the user logs into our application and then he logs out, we clean the cash and cookies and redirected him to login page, but if other user wants to log in, the previous user's data will be shown and in fact , our log out function and file doesn't work correctly.
It is worth to mention that our application is similar to the following link: :
https://wiki.processmaker.com/3.0/Get_the_ProcessMaker_Cases_List_in_an_external_application

the process maker version we use is 3 .

Thank you so much.

[animeshshrestha2021]

Hi,

As far i as i understand, the issue is with the logout issue in the custom application itself. What is the base framework of the custom application? is it any existing frameworks like laravel or is it custom? I think you should also share the login mechanism of the application so that it would be easier for us to emulate the same.

[sinaou]

Hi, thank you for your response,
we proceeded with the tutorial in processmaker website(link : https://wiki.processmaker.com/3.0/Get_the_ProcessMaker_Cases_List_in_an_external_application ) step by step and exactly as described in the tutorial and we have successfully listed the current user case list as shown in the tutorial, so our files are exactly like the tutorial and we did not use any specific frame work, but now we want to log out and log in with another user but we can not do that and there is no documentation or any thing for log out method so the only way we found was to completely empty the browser cash with this method user will automatically log out from the PM but not matter how hard we try we can not do that by code and there is always some cache and site data which will always show the previous user information.


our log out code:
<?php

header('Clear-Site-Data: "*"');

session_start();
$_SESSION = array();
if(ini_get("session.use_cookies")){
$params =
session_get_cookie_params();
setcookie(session_name(),'',time()-42000,$params["path"],$params["domain"],$params["secure"],$params["httponly"]);
}
session_destroy();

setcookie("PHPSESSID", "", time() - 86400, "/");
setcookie("PM-TabPrimary", "", time() - 86400, "/");
setcookie("PM-Warning", "", time() - 86400, "/");
setcookie("pm_sys_sys", "", time() - 86400, "/");
setcookie("singleSignOn", "", time() - 86400, "/");
setcookie("workspaceSkin", "", time() - 86400, "/");
setcookie("ys-casesGrid", "", time() - 86400, "/");
setcookie("ys-workflowdraftcasesGrid", "", time() - 86400, "/");

ini_set('session.gc_max_lifetime', 0);
ini_set('session.gc_probability', 1);
ini_set('session.gc_divisor', 1);
clearstatcache();

// Clear the file status cache and the realpath cache for all files
// Disable caching of the current document:
header('Expires: Mon, 26 Jul 1997 05:00:00 GMT');
header('Cache-Control: no-store, no-cache, must-revalidate');
header('Cache-Control: post-check=0, pre-check=0', FALSE);
header('Pragma: no-cache');

// Clear site data for the current origin:
header('Clear-Site-Data: "cache", "cookies", "storage", "executionContexts"');
session_start();
session_unset();
session_destroy();


ini_set('session.gc_max_lifetime', 0);
ini_set('session.gc_probability', 1);
ini_set('session.gc_divisor', 1);
$jsonFilePath = 'app-data.json';

// Check if the file exists before attempting to delete it
if (file_exists($jsonFilePath)) {
// Use unlink() function to delete the file
unlink($jsonFilePath);
echo "File deleted successfully";
} else {
echo "File does not exist";
}
$data = array('client_id' => 'VBDNRJXGRMQGSZWRWURURXOOFBQNXSUS', 'client_secret' => '80068032665926cc2c820a6060873698');

// Encode the data to JSON
$jsonData = json_encode($data);

// Specify the name of the JSON file
$filename = 'app-data.json';

// Write the JSON data to a file
file_put_contents($filename, $jsonData);


?>
<!DOCTYPE html>
<html lang="en">

<head>

<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Dashboard</title>

<!--
- favicon
-->
<link rel="shortcut icon" href="./favicon.svg" type="image/svg+xml">

<!--
- custom css link
-->
<link rel="stylesheet" href="./assets/style.css">

<!--
- google font link
-->
<link rel="preconnect" href="https://fonts.googleapis.com">
<link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
<link href="https://fonts.googleapis.com/css2?family=Be+Vietnam+Pro:wght@400;500;600;900&display=swap"
rel="stylesheet">
<script src="https://code.jquery.com/jquery-3.7.1.js" integrity="sha256-eKhayi8LEQwp4NKxN+CfCh+3qOVUtJn3QNZ0TciWLP4=" crossorigin="anonymous"></script>

<!--
- material icon link
-->
<link
href="https://fonts.googleapis.com/css2?family=Material+Symbols+Rounded:opsz,wght,FILL,GRAD@20..48,100..700,0..1,-50..200"
rel="stylesheet" />
<style>
.question-box {
width: 400px;
margin: 20px auto;
border: 1px solid #009e74;
border-radius:5px;
padding: 50px;
font-family: Arial, sans-serif;
text-align:center;
background:#ffffff;
box-shadow: 0px 0px 9px 0px rgba(0,0,0,0.1);
}

.question {
font-size: 20px;
font-weight: bold;
color:grey;
}

.choices {
display: flex;
flex-wrap: wrap;
justify-content: space-between;
}

.choice {
width: 30%;
text-align:center;
background-color: #ffffff;
border: 1px solid #009e74;
border-radius: 5px;
padding:11px;
margin-top:30px;
cursor: pointer;
color:#009e74;
}

.choice:hover {
background-color: #009e74;
color:#ffffff;
}

.choice[data-answer="true"] {
background-color: #a4d4a5;
}

.choice[data-answer="false"] {
background-color: #f4a7a7;
}
</style>
</head>

<body>


<div class="question-box">
<p class="question" style="display:flex;flex-direction:row;justify-content:center"> <span class="material-symbols-rounded icon" style ="color:grey" aria-hidden="true">logout</span>&nbsp Are you sure to Logout?</p>
<div class="choices">
<a href="access.php" target="_parent" class="choice" >Yes</a>
<a href="index.php" target="_parent" class="choice" >No</a>

</div>
</div>

<script src="./assets/script.js"></script>

<script type ="text/javascript">

// Get cache storage and clear cache storage
window.caches.keys().then(function(names) {
for (let name of names)
window.caches.delete(name);
});

// Get indexed db and delete indexed db
const dbs = await window.indexedDB.databases()
dbs.forEach(db => { window.indexedDB.deleteDatabase(db.name) })

// clear localStorage
window.localStorage.clear();

// clear sessionStorage
window.sessionStorage.clear();
window.location.reload();

</script>
<script>
$(document).ready(function(){

// Requires jquery-cookie library
for (var it in $.cookie()) {
$.removeCookie(it);
}
window.close();
document.cookie ='cookie_name = expires=Thu, 01 Jan 1970 00:00:00 UTC;path=/;';


});
</script>






</body>

</html>