- Mon Apr 08, 2024 5:38 am
#832255
Hello,
I designed and developed a new interface for processmaker and use REST API (grant code) for exchanging data from processmaker server with endpoints, every thing works correctly except logout, when user logs out of system and another user wants to log in system, the information of previous user is shown, my strategy in logout is removing cash and cookies and session and unset access_token and refresh_token as follows:
<?php
if (! empty($_GET['error'])) {
print_r($_GET);
die();
}
// Assuming $token contains the token to be invalidated
$data = json_decode(file_get_contents("app-data.json"), true);
// Remove the token from the data array
unset($data['access_token']);
unset($data['refresh_token']);
// Save the updated data back to the file
file_put_contents("app-data.json", json_encode($data));
header("location: access.php");
session_start();
$_SESSION = array();
if(ini_get("session.use_cookies")){
$params =
session_get_cookie_params();
setcookie(session_name(),'',time()-42000,$params["path"],$params["domain"],$params["secure"],$params["httponly"]);
}
session_destroy();
setcookie("PHPSESSID", "", time() - 86400, "/");
setcookie("PM-TabPrimary", "", time() - 86400, "/");
setcookie("PM-Warning", "", time() - 86400, "/");
setcookie("pm_sys_sys", "", time() - 86400, "/");
setcookie("singleSignOn", "", time() - 86400, "/");
setcookie("workspaceSkin", "", time() - 86400, "/");
setcookie("ys-casesGrid", "", time() - 86400, "/");
setcookie("ys-workflowdraftcasesGrid", "", time() - 86400, "/");
ini_set('session.gc_max_lifetime', 0);
ini_set('session.gc_probability', 1);
ini_set('session.gc_divisor', 1);
clearstatcache();
// Clear the file status cache and the realpath cache for all files
// Disable caching of the current document:
header('Expires: Mon, 26 Jul 1997 05:00:00 GMT');
header('Cache-Control: no-store, no-cache, must-revalidate');
header('Cache-Control: post-check=0, pre-check=0', FALSE);
header('Pragma: no-cache');
// Clear site data for the current origin:
header('Clear-Site-Data: "cache", "cookies", "storage", "executionContexts"');
session_start();
session_unset();
session_destroy();
ini_set('session.gc_max_lifetime', 0);
ini_set('session.gc_probability', 1);
ini_set('session.gc_divisor', 1);
?>
- what can I do to logout works correctly?
Thank you so much.
I designed and developed a new interface for processmaker and use REST API (grant code) for exchanging data from processmaker server with endpoints, every thing works correctly except logout, when user logs out of system and another user wants to log in system, the information of previous user is shown, my strategy in logout is removing cash and cookies and session and unset access_token and refresh_token as follows:
<?php
if (! empty($_GET['error'])) {
print_r($_GET);
die();
}
// Assuming $token contains the token to be invalidated
$data = json_decode(file_get_contents("app-data.json"), true);
// Remove the token from the data array
unset($data['access_token']);
unset($data['refresh_token']);
// Save the updated data back to the file
file_put_contents("app-data.json", json_encode($data));
header("location: access.php");
session_start();
$_SESSION = array();
if(ini_get("session.use_cookies")){
$params =
session_get_cookie_params();
setcookie(session_name(),'',time()-42000,$params["path"],$params["domain"],$params["secure"],$params["httponly"]);
}
session_destroy();
setcookie("PHPSESSID", "", time() - 86400, "/");
setcookie("PM-TabPrimary", "", time() - 86400, "/");
setcookie("PM-Warning", "", time() - 86400, "/");
setcookie("pm_sys_sys", "", time() - 86400, "/");
setcookie("singleSignOn", "", time() - 86400, "/");
setcookie("workspaceSkin", "", time() - 86400, "/");
setcookie("ys-casesGrid", "", time() - 86400, "/");
setcookie("ys-workflowdraftcasesGrid", "", time() - 86400, "/");
ini_set('session.gc_max_lifetime', 0);
ini_set('session.gc_probability', 1);
ini_set('session.gc_divisor', 1);
clearstatcache();
// Clear the file status cache and the realpath cache for all files
// Disable caching of the current document:
header('Expires: Mon, 26 Jul 1997 05:00:00 GMT');
header('Cache-Control: no-store, no-cache, must-revalidate');
header('Cache-Control: post-check=0, pre-check=0', FALSE);
header('Pragma: no-cache');
// Clear site data for the current origin:
header('Clear-Site-Data: "cache", "cookies", "storage", "executionContexts"');
session_start();
session_unset();
session_destroy();
ini_set('session.gc_max_lifetime', 0);
ini_set('session.gc_probability', 1);
ini_set('session.gc_divisor', 1);
?>
- what can I do to logout works correctly?
Thank you so much.