Session not ending on logout in IBM Worklight Adapter-based Authentication

3
votes

I downloaded Adapter Based Authentication project from IBM Worklight and in that I found that when I click on Logout button it not Ending up the current session, while on timeout Its session ends up properly. (Note that it ends the session but does not clear outs the UserID) I had set serverSessionTimeout = 3 in worklight.properties. Below are the screenshots that will show the entire picture of whats happening:

  1. When I click on Get Secret Data, In IBM worklight Console under Devices Tab it shows DeviceID, Device Model, but not UserID

Initial screen

  1. Now when I insert username and password it logs me in and UserID changes to worklight and when I Logout nothing changes here. In my code I have added 1 more user name worklight1 and when I login with worklight1 this screen still shows worklight in UserID.The UserID changes only after timeout happens i.e. after 3 minutes in my case!

Successful login using userID: worklight

  1. After timeout, if I try to login with any user, the userID changes to that specific user and remains so until the session times out.

After Timeout, logging in with other userID

Can anyone please suggest how to end the session as I did try the following code on logout but did not help-

WL.Server.setActiveUser("SingleStepAuthRealm", null);

Thanks in Advance !

1
ibm-mobilefirstsession-timeoutworklight-adaptersworklight-server
the user id is determined by the "isInternalUserId" attribute on the specific realm that is defined in the application's SecurityTest. What I'm missing to be able to help you is for you to tell me where is the "Logout" button you are talking about and what API does it invoke.iddo
The Logout button is in the App and it calls WL.client.logout APIvshall

1 Answers

0
votes

I just tested the Worklight Sample of the adapter authentication and it is working as expected. On the logout it is logging out the user. (http://public.dhe.ibm.com/software/mobile-solutions/worklight/docs/v620/AdapterBasedAuthenticationHybridProject.zip)

Are you not passing the wrong Realm on the logout function?

Take a look on the sample code for the logout of the single step app: WL.Client.logout('SingleStepAuthRealm', {onSuccess:WL.Client.reloadApp})

This code would log you out from the SingleStepAuthRealm not form the DoubleStepAuthRealm.