[dev] Session timeouts and transparent authentication drivers

Jan Schneider jan at horde.org
Fri May 14 17:07:03 UTC 2010


While looking for a solution how to log out when using transparent  
auth drivers, I discovered that we obviously don't use the  
REASON_SESSION logout reason anymore, beside in the ajax endpoint. Is  
that intentional, or an oversight?

Beside that, I'm still looking for how to best check whether  
transparent authentication (or any authentication for that matter)  
could be revoked. Currently, the user keeps logged in to Horde, once  
he successfull logged in and the session doesn't time out. There might  
be reasons to force a log out though. In this special case, we need to  
logout the user out of his horde session, as soon as the transparent  
"reason" for logging him in, is no longer valid. E.g. if a shibboleth  
session has expired.
Any ideas how to best do this? Adding a checkExistingAuth() to  
Horde_Auth_Base seems a good place for that.

Jan.

-- 
Do you need professional PHP or Horde consulting?
http://horde.org/consulting/



More information about the dev mailing list