After Logout still keeping session

After I log out, the controller goes to the home page, in which I remove the user from the session and finally invalidate the session.
When I then go back to the previous page and perform any operation, it still works. I don't know why the session is still being kept.
Here is the code I followed:
Logout servlet:
HttpSession session = request.getSession();
          if(session != null && session.getAttribute("loggedUser")!=null){
               session.removeAttribute("loggedUser");
               session.setMaxInactiveInterval(1);
               session.invalidate();
               session=null;
          }
In the home page, I'm setting no cache, etc.:
<%
response.setContentType("text/html");
response.setHeader("Cache-Control","no-cache");
response.setHeader("Cache-Control","no-store");
response.setDateHeader("Expires", 0);
response.setHeader("Pragma","no-cache");
%>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<META HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE">
<META HTTP-EQUIV="CACHE-CONTROL" CONTENT="NO-CACHE">
<META HTTP-EQUIV="Expires" CONTENT="-1">

What's wrong with my code and why is it still keeping the session?

By the way,
sumant14 wrote:
response.setHeader("Cache-Control","no-cache");
response.setHeader("Cache-Control","no-store");
response.setDateHeader("Expires", 0);
response.setHeader("Pragma","no-cache");
The setHeader() will overwrite any previously set header on the given name. Those two calls on "cache-control" would result in only the "no-store" being used. This isn't what you want. Remove the second call, or use addHeader instead if you really want (the "no-store" has no effect if you already use "no-cache").
<META HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE">
<META HTTP-EQUIV="CACHE-CONTROL" CONTENT="NO-CACHE">
<META HTTP-EQUIV="Expires" CONTENT="-1">
This is in fact code duplication. Remove the one or the other. I suggest getting rid of the scriptlets with the response.setHeader() stuff. For more human-friendly readability I also suggest lowercasing those yelling meta headers.
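
One way to enforce the logout on the server for the situation in this thread, as an added example that is not code from the original posts: a servlet filter that re-checks the loggedUser session attribute on every request and sends the cache directives as a single header value, together with a logout servlet that uses getSession(false). The class names, the /login.jsp and /logout paths and the filter mapping are assumptions; loggedUser is the attribute name used in the question.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/**
 * Added example (not from the thread). Map this filter to the protected
 * URLs, for example "/*", in web.xml; the mapping itself is an assumption.
 */
public class LoggedUserFilter implements Filter {

    // Assumed paths; adjust to the application's real login page and logout URL.
    static final String LOGIN_PAGE = "/login.jsp";
    static final String LOGOUT_PATH = "/logout";

    @Override
    public void init(FilterConfig config) throws ServletException {
        // No configuration needed.
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // All directives go into ONE Cache-Control value: a second setHeader()
        // call with the same name would replace the first one.
        response.setHeader("Cache-Control", "no-cache, no-store, must-revalidate");
        response.setHeader("Pragma", "no-cache");   // HTTP/1.0 clients
        response.setDateHeader("Expires", 0);       // HTTP/1.0 proxies

        // The login page and the logout URL must stay reachable without a
        // session, otherwise the redirect below would loop.
        String path = request.getServletPath();
        if (LOGIN_PAGE.equals(path) || LOGOUT_PATH.equals(path)) {
            chain.doFilter(req, res);
            return;
        }

        // getSession(false) never creates a session. After invalidate() the
        // old session id no longer resolves, so this returns null.
        HttpSession session = request.getSession(false);
        if (session == null || session.getAttribute("loggedUser") == null) {
            response.sendRedirect(request.getContextPath() + LOGIN_PAGE);
            return;
        }

        chain.doFilter(req, res);
    }

    @Override
    public void destroy() {
        // Nothing to release.
    }
}

/** Added example: logout servlet, assumed to be mapped to LOGOUT_PATH. */
class LogoutServlet extends HttpServlet {

    private static final long serialVersionUID = 1L;

    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        // Do not create a session just to destroy it.
        HttpSession session = request.getSession(false);
        if (session != null) {
            // invalidate() unbinds every attribute, loggedUser included.
            session.invalidate();
        }
        response.sendRedirect(request.getContextPath() + LoggedUserFilter.LOGIN_PAGE);
    }
}
```

With the filter mapped to the protected pages, an operation started from a page the browser restored via the Back button reaches the server without a loggedUser attribute and is redirected to the login page.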

Similar Messages

  • Black screen after logout of x2go session

    Hi,
    I have an arch machine with xfce4 I connect to with x2go. Until recently I could just use the xfce logout button to suspend the session, and the main window would close.
    This worked until I did a system update 4 days ago (9 march 2015) where some xfce4 components got updated.
    Now the desktop disappears and becomes a black screen, and according to the log the session is still active. If I suspend the session using the button on the client (or just close the main window) and reconnect again later, I am greeted with a black screen again.
    The only solution then is to terminate the session through the client and reconnect.
    When I execute x2gosuspend-session or x2goterminate-session in a terminal, the session gets suspended/terminated as expected.
    Those 2 commands basically do what I want the log out and shutdown button inside xfce to do.
    relevant update log:
    [2015-03-09 09:26] [PACMAN] Running 'pacman -Syu'
    [2015-03-09 09:26] [PACMAN] synchronizing package lists
    [2015-03-09 09:26] [PACMAN] starting full system upgrade
    [2015-03-09 09:26] [ALPM] transaction started
    [2015-03-09 09:26] [ALPM] removed gtk3-xfce-engine (3.0.1-2)
    [2015-03-09 09:26] [ALPM] removed gtk2-xfce-engine (3.0.1-2)
    [2015-03-09 09:26] [ALPM] upgraded gcc-libs (4.9.2-3 -> 4.9.2-4)
    [2015-03-09 09:26] [ALPM] upgraded elfutils (0.161-2 -> 0.161-3)
    [2015-03-09 09:26] [ALPM] upgraded glib2 (2.42.1-1 -> 2.42.2-1)
    [2015-03-09 09:26] [ALPM] upgraded libxfce4util (4.10.1-2 -> 4.12.1-1)
    [2015-03-09 09:26] [ALPM] upgraded gtk-update-icon-cache (2.24.26-1 -> 2.24.27-1)
    [2015-03-09 09:26] [ALPM] upgraded mesa (10.4.5-1 -> 10.4.6-1)
    [2015-03-09 09:26] [ALPM] upgraded mesa-libgl (10.4.5-1 -> 10.4.6-1)
    [2015-03-09 09:26] [ALPM] upgraded gtk2 (2.24.26-1 -> 2.24.27-1)
    [2015-03-09 09:26] [ALPM] upgraded xfconf (4.10.0-4 -> 4.12.0-1)
    [2015-03-09 09:26] [ALPM] upgraded libproxy (0.4.11-4 -> 0.4.11-5)
    [2015-03-09 09:26] [ALPM] upgraded libxfce4ui (4.10.0-2 -> 4.12.0-1)
    [2015-03-09 09:26] [ALPM] upgraded exo (0.10.2-3 -> 0.10.3-2)
    [2015-03-09 09:26] [ALPM] upgraded firefox (36.0-1 -> 36.0.1-1)
    [2015-03-09 09:26] [ALPM] upgraded garcon (0.2.1-1 -> 0.4.0-1)
    [2015-03-09 09:26] [ALPM] upgraded libmpc (1.0.2-2 -> 1.0.3-1)
    [2015-03-09 09:26] [ALPM] upgraded gcc (4.9.2-3 -> 4.9.2-4)
    [2015-03-09 09:26] [ALPM] upgraded gcc-fortran (4.9.2-3 -> 4.9.2-4)
    [2015-03-09 09:26] [ALPM] upgraded git (2.3.1-1 -> 2.3.2-1)
    [2015-03-09 09:26] [ALPM] upgraded grep (2.21-1 -> 2.21-2)
    [2015-03-09 09:26] [ALPM] installed gtk-xfce-engine (2.10.1-1)
    [2015-03-09 09:26] [ALPM] upgraded libplist (1.11-1 -> 1.12-1)
    [2015-03-09 09:26] [ALPM] upgraded libusbmuxd (1.0.9-1 -> 1.0.10-1)
    [2015-03-09 09:26] [ALPM] upgraded libimobiledevice (1.1.7-1 -> 1.2.0-1)
    [2015-03-09 09:26] [ALPM] upgraded librsvg (1:2.40.6-1 -> 1:2.40.8-1)
    [2015-03-09 09:26] [ALPM] upgraded libtool (2.4.5-1 -> 2.4.6-1)
    [2015-03-09 09:26] [ALPM] upgraded man-pages (3.80-1 -> 3.81-1)
    [2015-03-09 09:26] [ALPM] upgraded thunar (1.6.5-1 -> 1.6.6-1)
    [2015-03-09 09:26] [ALPM] upgraded thunar-volman (0.8.0-2 -> 0.8.1-1)
    [2015-03-09 09:26] [ALPM] upgraded upower (0.99.2-1 -> 0.99.2-2)
    [2015-03-09 09:26] [ALPM] upgraded xfce4-appfinder (4.10.1-1 -> 4.12.0-1)
    [2015-03-09 09:26] [ALPM] upgraded xfce4-panel (4.10.1-2 -> 4.12.0-1)
    [2015-03-09 09:26] [ALPM] upgraded xfce4-mixer (4.11.0-1 -> 4.11.0-2)
    [2015-03-09 09:26] [ALPM] upgraded xfce4-power-manager (1.4.2-2 -> 1.4.3-1)
    [2015-03-09 09:26] [ALPM] installed polkit-gnome (0.105-2)
    [2015-03-09 09:26] [ALPM] upgraded xfce4-session (4.10.1-5 -> 4.12.0-2)
    [2015-03-09 09:26] [ALPM] installed cantarell-fonts (0.0.16-2)
    [2015-03-09 09:26] [ALPM] installed ttf-dejavu (2.34-2)
    [2015-03-09 09:26] [ALPM] installed gnome-themes-standard (3.14.2.3-1)
    [2015-03-09 09:26] [ALPM] upgraded xfce4-settings (4.10.1-1 -> 4.12.0-3)
    [2015-03-09 09:26] [ALPM] upgraded xfce4-terminal (0.6.3-1 -> 0.6.3-2)
    [2015-03-09 09:26] [ALPM] upgraded xfdesktop (4.10.3-2 -> 4.12.0-1)
    [2015-03-09 09:26] [ALPM] upgraded xfwm4 (4.10.1-1 -> 4.12.0-1)
    [2015-03-09 09:26] [ALPM] upgraded xterm (314-1 -> 316-1)
    [2015-03-09 09:26] [ALPM] transaction completed
    Does anyone know how I can restore previous behavior?
    Thanks

    As a workaround, you can create the file "/usr/local/bin/xfce4-session" with this content:
    #!/bin/bash
    /usr/bin/xfce4-session
    killall -q x2goagent || true
    Don't forget to make the file executable.
    Not pretty at all, but works for now.

  • Logged Out session can be accessed again After logout (DAD authentication)

    Hello,
    Please find the details of my problem below:
    SCENERIO:
    Current Authentication: No Authentication (USING DAD)
    Authorization: MYAUTH
    Frequency: Once Per Session
    declare
        lv_retval boolean;
        lv_srec pkg_myutil.r_sessionrectype;
    begin
        begin
            -- This is NOT Apex Session. I am checking the entry in a table to make sure user is logged in
            -- and the link is not opened directly. In short making sure user opened the Apex link from the
            -- Oracle Forms application.
            lv_srec := pkg_myutil.get_session_info(:P1_SID);
            if lv_srec.valid_session then
                lv_retval := TRUE;
            else
                lv_retval := FALSE;
            end if;
        exception
            when others then
                lv_retval := FALSE;
        end;
        return lv_retval;
    end;
    The Application Security property Authorization is set to : MYAUTH
    Logout Navigation Bar Entries-URL TARGET: http://myapp.mycompany.com/pls/apex/apex_custom_auth.logout?p_this_app=105&p_next_url=http://mycompany.com
    ( I cannot put this in the Authentication Logout URL as using -DATABASE- as sentry function (DAD authentication) gives me error: No functional attributes may be set when page sentry function is '-DATABASE-'.))
    so i directly modified the navigation bar entry
    Now I open the apex link from my forms application, and it Works fine. For example
    http://myapp.mycompany.com/pls/QRYONLYDAD/f?p=105:1:2524984933940261::NO::P1_SID:0137099300:
    The authorization function takes the P1_SID value and checks in database,finds the entry so returns TRUE to display the page 1 which i call Menu page.
    If I click logout, it works and takes me to the Mycompany home page.
    My question:
    If I save that link and try to access it again AFTER LOGOUT, it still displays the page. Although the session is logged out, how come it still allows access to the page? The authorization function also doesn't fire, which would have prevented it at least. How does APEX know it is still a valid session even after logout happens?
    I can see that since there is DAD authentication, the login happens automatically........ but I cannot change that method. What other option do I have?
    Please help.
    Jay

    1.) Code for the function:
    Basically we are using a private DBMS_PIPE to pass a randomly generated string and read that pipe from Apex using get_session_info. Nothing to do with Apex Session. We just want to make sure the user opened the Apex link from the application.
    function get_session_info (p_session_id varchar2) return pkg_myutil.r_sessionrectype is
        rv_sessionrec eft.pkg_myutil.r_sessionrectype;
        lv_status NUMBER;
        lv_app_id varchar2(20);
        lv_EMPID VARCHAR2(20);
        lv_timeout BINARY_INTEGER := 0; --A timeout of 0 allows you to read without blocking. otherwise the pipe will keep waiting and our purpose won't be solved
        lv_rmstatus number;
    begin
        begin
            -- Valid Session theme: If the pipe does not exist, the url was not requested from inside the Forms application.
            lv_status := DBMS_PIPE.RECEIVE_MESSAGE(p_session_id, lv_timeout);
            IF lv_status <> 0 THEN
                raise_application_error(-20003, 'Error while receiving.Status = ' || lv_status);
            END IF;
            DBMS_PIPE.UNPACK_MESSAGE(lv_app_id);
            DBMS_PIPE.UNPACK_MESSAGE(lv_EMPID);
            if lv_EMPID is null then
                raise_application_error(-20004, 'User EMPID is null in the session info.');
            end if;
            -- construct return record
            rv_sessionrec.session_id := p_session_id;
            rv_sessionrec.valid_session := TRUE;
            -- remove pipe
            lv_rmstatus := DBMS_PIPE.REMOVE_PIPE(p_session_id);
            if lv_rmstatus <> 0 then
                null; -- think what to do
            end if;
        exception
            when others then
                rv_sessionrec.session_id := p_session_id;
                rv_sessionrec.valid_session := FALSE;
        end;
        return rv_sessionrec;
    end get_session_info;
    2.) I guess you are right. But doesn't Apex use the user ID and password hardcoded in the DAD? Because it displays the username in the DAD on the page footer. But it will authenticate every time. So I want to put in another layer so that my pipe verification code executes every time, which can decide whether to show the page or redirect to an error page.
    If I put in an On-Load Before Header Process on Page 1 with the PL/SQL code, is there a way to redirect to a different page from there? I couldn't think of a way to do it. Then I can remove the code from the authorization scheme and add it to the On-Load process?
    Does this help any?
    Thanks for your prompt response.
    Thanks,
    Jay

  • HT4914 If you don't renew match after the first year, do you still keep access to the songs you matched?

    If you don't renew match after the first year, do you still keep access to the songs you matched?

    After sifting through the forums, this seems to be a recurring trend. Reps telling you they'll escalate your file to get someone to call you, but nobody does...
    Also found lenovospareparts.com, and although most of the product names are just product codes, I did find some LCD display covers, and I think mine would be $122.99. Take that minus the $80 I've already paid to send it in, that's not too bad. Who knows how much they charge for labor though. I don't get how nobody can tell me the price, yet sites like this exist, run by Lenovo, yet nobody at Lenovo seems to know about it...
    PS can anyone confirm the $80 I've already spent gets taken off the total? That's what the guy on the phone during my initial call said. His example: if the part cost $100, I've paid $80, so I would only have to pay them the additional $20.
    http://www.lenovospareparts.com/U410_c_796.html

  • A3.01 still keeps crashing here after ProKit update...

    I was keeping my fingers crossed, but in 64-bit mode A3.01 still keeps crashing after the ProKit update.
    Anyone with different experiences?
    Kjell Are Refsvik
    Norway

    What did the Genius Bar recommend?
    Almost every time I've run into freezes, they've been resolved by deleting preferences.
    If you're running 10.1.2 or higher, just hold down the option and command keys at launch.
    If an earlier version, I'd download and run Digital Rebellion's Preference Manager.
    Russ

  • No keyboard at login window after logout

    Hello all,
    I'm just starting state testing and have been presented with a problem.  When a student logs out of a machine in order to log into the testing account the login window won't accept input from the keyboard.
    Background and details:
    We have labs of computers using workgroup manager and open directory for management. In a normal lab the machine will boot to a login window. This is so that the preferences will be refreshed before a student logs in. The student will log in as a local user (student) and proceed to do whatever for the day.
    We have recently started state mandated testing. I have set up an OD account which is very locked down and keeps the student on track while testing. This requires someone to log the normal user out and log in as the OD user. This is where the problem arises.
    About 50% of the time the keyboard will no longer function after logout. No keys of any sort work. The mouse still works. Even keystrokes through ARD do nothing. An end user is then required to reboot the system in order to do ANYTHING. This is not ideal for elementary kids.
    From my digging in log files and poking around I noticed that the loginwindow process was hanging or crashing. If I kill the process the login window blinks and then works just fine. I'm sure I could write a logout script that drops a process into the background to kill the loginwindow process after so many seconds, but that's messy. Has anyone seen this? Any thoughts or solution? Only happens on a logout, never on an initial bootup.
    I have found that 95% of these issues occur on Mac Minis. I can consistently replicate the issue on a Mini. If I clone the Mini to a MacBook, I no longer have the problem (using Carbon Copy Cloner). So either the hardware is part of the issue or the clone fixed something in the process.
    OSX 10.5.8
    /var/log/windowserver.log  (on logout)
    May 02 16:27:30  [252] kCGErrorIllegalArgument: CGXSetWindowListTags: Operation on a window 0x6 not owned by caller loginwindow
    May 02 16:27:32  [252] CGXRestartSessionWorkspace: session workspace exited for session 256 ( on console )
    May 02 16:27:32  [252] loginwindow connection closed; closing server.
    May 02 16:27:33  [352] Server is starting up
    May 02 16:27:36  [352] CGXMappedDisplayStart: Unit 0: no display alias property
    May 02 16:27:36  [352] kCGErrorFailure: IOHIDSetCursorEnable returns -536870208
    May 02 16:27:36  [352] kCGErrorFailure: Set a breakpoint at CGErrorBreakpoint() to catch errors as they are returned
    May 02 16:27:36  [352] CGXPerformInitialDisplayConfiguration
    May 02 16:27:36  [352]   Display 0x41dc9d00: VirtualDisplay Unit 0; Vendor 0x756e6b6e Model 0x76697274 S/N 0; online enabled built-in (0,0)[1280 x 1024], base addr 0xb0021000
    May 02 16:27:36  [352] AGCAttach: Couldn't find any matches
    May 02 16:27:43  [352] kCGErrorIllegalArgument: CGXSetWindowListTags: Operation on a window 0x2 not owned by caller SecurityAgent
    May 02 16:27:45  [352] kCGErrorIllegalArgument: CGXOrderWindow: Operation on a window 0x2 not owned by caller SecurityAgent

    >kCGErrorIllegalArgument: CGXSetWindowListTags: Operation on a window 0x2 not owned by caller SecurityAgent
    In those cases there may be threads and/or processes trying to do things with windows that they don't own. In other words, some programmers may have goofed up a little bit someplace.
    But might try the one Helpful marked post here...
    https://discussions.apple.com/thread/987826?start=0&tstart=0

  • Problem accessing sessionScope after logout

    Hello,
    after logout (session.invalidate) I cannot use
    ADFContext.getCurrent().getSessionScope().put(...) (java.lang.NullPointerException)
    How to recreate sessionScope?
    After logout not secured part of our application must be still functioning.
    Rado

    Hi,
    This is my logout code:
            ExternalContext ectx =
                FacesContext.getCurrentInstance().getExternalContext();
            HttpServletResponse response = (HttpServletResponse)ectx.getResponse();
            HttpServletRequest request = (HttpServletRequest)ectx.getRequest();
            HttpSession session = (HttpSession)ectx.getSession(false);
            session.invalidate();
            pageUri = Params.getStartUri();
            try {
                response.sendRedirect(request.getContextPath() + pageUri);
            } catch (IOException e) {
                JSFUtils.addFacesErrorMessage(MsgBundle.INTERNAL_ERROR,
                                              new Object[] { "Logout" });
            }
    The problematic code accessing the sessionScope is in the constructor of a session scope managed bean.
    When are instances of session scope managed beans created? I guess after a new session was created. Why then doesn't the sessionScope exist? Does my session managed bean have higher priority and is it created prior to sessionScope?
    I can postpone accessing sessionScope in the constructor, but I don't know how I can check that sessionScope has not been prepared yet. In the debugger it seems to be OK.
    Rado

  • Problem in how to stop displaying previous page after Logout

    <%
    // I invalidate all my sessions when I log out and come to the Login.jsp page, but if I go back it still opens the
    previous pages.
    How can I stop these?
    I am adding these lines in every JSP page
    1)
    response.setHeader("pragma","no-cache");
    response.setHeader("Cache-Control","no-cache");
    response.setHeader("Cache-Control","no-store");
    response.addDateHeader("Expires", 0);
    response.setDateHeader("max-age", 0);
    response.setIntHeader ("Expires", -1); //prevents caching at the proxy server
    response.addHeader("cache-Control", "private"); //IE5.x only;
    %>
    2) and in Logout.jsp
    response.sendRedirect("Login.jsp");
    session.invalidate();
    session.removeAttribute("viv");
    Still, on reaching the login page I can move to the previous page by clicking the back button.

    Hi sreenathreddy.
    I am doing exactly what you are talking about.
    On load of each JSP page, I check to see if I am still in session. If I am not, I redirect the user to the login page saying his session has expired. This works perfectly fine in the sense that after I log out, if I directly type in the URL or click on any other link from history, it redirects you to the login page.
    But my problem still remained that after logging out, if I clicked the back button, it would still take me to the previous page even though none of the links on that page would work.
    So I added all the response.SetHeaders that are mentioned in this discussion.
    Now the scenario is such that, when I press the back button after logging out, it tells me that the page has expired and I have to resubmit the form.
    There are two problems with this:
    1. At this point, if I refresh my page, it still gets the details from the server, and even though I am invalidating the session and all the user details, and checking to see if the session is invalidated, it still somehow manages to get all the details (I don't know where that info is stored).
    2. Even if the person has not logged out, i.e. is in the middle of a perfectly valid session and clicks on the back button, he is warned that the session has expired.
    please do reply
    thanks
    ritesh

  • My iPhone 4s notified me that I had to manage my storage  so I deleted  apps that used a lot of space I deleted almost all my picture and it still keeps telling me  I don't have enough storage  is there any other way I can make room on my phone ?

    My iPhone 4s notified me that I had to manage my storage  so I deleted  apps that used a lot of space I deleted almost all my picture and it still keeps telling me  I don't have enough storage  is there any other way I can make room on my phone ?  Were it shows how much storage  I have available it still says 9.9 even after all that I have done so I don't know if I need to change my storage plan or what but anything will help I guess

    Check for 'others' in iTunes against your iPhone.
    Restore from a previous backup to reclaim some of it.
    Still want more, Restore in iTunes, setup as New.

  • Session state consistency - how does APEX keep session state across pages

    I would like to know how the APEX developer tool keeps session state from being overwritten across multiple pages in the same session. Because this is difficult to explain I'll use an example from within the APEX dev tool.
    For example:
    1. I navigate to the page (4150) that allows me to edit my Page 880 [Window 1]
    2. I now do a Ctrl^N to open a new window in the same session (this opens on the same Page 880 in the new window) [Window 2].
    3. In Window 1, I click an item to update, i.e. I want to put a comment on the Unconditional Branch, so I click this to go to the Update page. I see the F4000_P4313_ID is passed in the URL (i.e. the context, UID of the Branch).
    4. In Window 2, I change the page to 881, i.e. this is overwriting my session state variables for page 880 with page 881.
    5. I click an item in Page 881 to update, i.e. I want to put a comment on the Unconditional Branch, so I click this to go to the Update page. I see the F4000_P4313_ID is passed in the URL (i.e. the context, the UID of the Branch).
    6. In Window 1 (the Page 880), I add a comment to the Branch and 'Apply' changes. On returning to the page the context has changed from 880 to 881 (as expected, as Window 2 had overwritten the session state). Slightly confusing for the user as they did go from Page 880, not 881, but OK.
    What intrigues me is how the Edit Branch page applied the update to the correct branch [good!]. Why weren't the Branch session state variables (i.e. the Branch for Page 880) overwritten with the Branch session state variables for the Branch from Page 881?
    Both navigations go to the same page passing the UID of the branch, hence I would have thought the last navigation is the one that would be persisting (i.e. from the Page 881 window)?
    Any tips on preventing users updating the wrong record because of the Session State being overwritten would be most welcome.
    Look forward to hearing from you.

    Let me take a shot at explaining this.
    Session state is stored in Oracle database tables. When an APEX page is rendered, those tables are read and the HTML is sent to the browser. When that page is submitted, all the HTML form inputs on the page are saved back into session state, overwriting any existing values for that session.
    So, in your example, since Page 4313 has the hidden page item (the "GUID" of the branch), it doesn't matter if any other window has the same page open with some other GUID. Each page is a self-contained "unit" which has all the information necessary to properly process that page when it is submitted.
    Think of it this way...in your example, when you have windows 1 and 2 open (window 2 was opened after window 1), go back to Window 1 and click the browser's Reload/Refresh button. Instead of refreshing the same page (branch 9000000), you will find that it will load branch 8000000! This is because session state is read from the database and when Window 2 was rendered, it has set F4000_P4313_ID in session state to 8000000.
    Hope this helps.

  • Deleting Pictures from my I Book after a Time Machine session ?

    Hello out there, my dear wife has a lot of pictures on her I Book and would love to delete them to free up space! We every so often back up to Time Machine. If I deleted all her pictures after a backup session, will the pictures be reloaded to her I Book at the next backup? If yes, what would you recommend she do so that she can free up her I Book and still be able to access her pictures in the future?

    Put them onto an external drive and set Time Machine to back it up as well. If they exist only on the backup, they'll get deleted from it when that drive runs out of space.
    (106877)

  • Able to see web page using back button even after logout

    Hi,
    I have created a web application using creator.
    I have disabled caching by putting following meta tags inside the <ui:head> tag to prevent caching of the sensitive web pages.
    <meta http-equiv="pragma" content="no-cache"/>
    <META HTTP-EQUIV="CACHE-CONTROL" CONTENT="NO-CACHE"/>
    <META HTTP-EQUIV="CACHE-CONTROL" CONTENT="NO-STORE"/>
    <META HTTP-EQUIV="EXPIRES" CONTENT="-1"/>
    <META HTTP-EQUIV="PRAGMA" CONTENT="NO-STORE"/>
    But after logout when the user clicks on the back button the user is still able to see the previous page visited. Is there any work around for this? I am using firefox. Have not checked whether this happens in other browsers or not.
    Would really appreciate it if you could help me.
    Regs,
    Shastri.

    I understand that this question has been asked multiple times and till now my search for any possible workaround for the issue has been futile. If anybody out there knows or finds a work around, please let me know.
    Thanks in advance.
    -Shastri

  • Logout Not Invalidating Session

    One of our applications was recently scanned by Security and they were able to do a 'Session Replay Attack' in our application. The cookie does not appear to be expiring upon logout which allows a user to log back in under that session even after closing everything out. Our current Authentication Scheme is set to the following on logout:
    wwv_flow_custom_auth_std.logout?p_this_flow=&APP_ID.&p_next_flow_page_sess=&APP_ID.:1000:&SESSION.
    We are currently using APEX 2.2, can you provide any guidance as to how to expire the session cookie so no one can get in again?
    Thank you,
    Amy

    Sorry for the delay in responding, I had to get the information from the security person that was able to do this. Here are the responses below:
    I need more details of what was done in this scenario. Are you saying that the logout procedure did not change the value of the cookie in the browser session? How did you determine that?
    - The session cookie assigned when logging in the first time did not expire immediately when the person logged out. Without logging in, all I would need to do is resubmit the session cookie in my requests to gain access to the application. I accomplished this using a web proxy to capture requests between the browser and server allowing me to manipulate data sent to /from the server.
    What was the value of the session cookie after the logout occurred?
    - I merely reused the session cookie already provided. Cookie submitted was: WWV_CUSTOM-F_2695714197338609_1100=04ACEC38BA5368CD
    Then by "after closing everything out" the user was able to enter username/password in the login page and run the application again in the original session, is that right?
    - No username / password needed. Session cookie is used as my validation.
    Does this have anything to do with the previous or new version of the session cookie?
    - Reusing previous cookie. Replacing new cookie with old cookie. Hence, ‘session replay attack’.
    In words, if you look at the value of the original session cookie before the logout and the cookie value after logout and the cookie value after the second login, are all three values (or at least the first and third values) the same?
    - I am reusing / substituting an old cookie and replacing new ones with the old one.
    Or are you making no statements about cookies at all but saying only that being able to use a session ID that was previously used (and logged out of) seems to be possible by the same named user in the same application.
    - Cookies are used for Session ID. Anyone can reuse that cookie / session ID and masquerade as that user.
    Thanks for the help and let me know if you need anymore information or clarifications.
    Amy

  • Redirect after Logout - AM 7.1

    Using AM 7.1 I would like our users to be redirected to another URL after they Logout of AM. The URL would be different depending on the application they are logging out from. I was hoping that there was the ability to pass a goto or something like that to the Logout page of AM. I would also like a short delay before the actual redirect. Is this possible? If so, what are the parameters I would need to pass to the AM Logout page?

    vtapia wrote:
    Hi,
    I have an AM 7.1 working installation and I created a fqdn to access the AM. This is also working but my problem is when I tried to logout. The session is terminated without problem but the logout send me to the server name instead of the name defined in the FQDN. Example:
    Servername: web1.test.com
    FQDN: am.test.com
    I hope you have configured this in the AMConfig.properties
    To login: http://am.test.com/amserver ---> No problem so far.
    After logging....
    When hit the logout button, the url redirect me to http://web1.test.com/amserver/UI/Logout
    And the link "Return to Login page" is created like this:
    http://web1.test.com/amserver/UI/Login?gx_charset=UTF-8
    Is there a way to correct this?
    Thank you in advance

  • Making user policies stay in effect after logout

    We enforce highly restrictive Windows group policies on our student users. Sometimes, a student is able to login offline, so they don't get the restrictive policy. In ZDM 7, we had the ability to make a user policy stay in effect after logout, which would keep the restrictions turned on until a user with less restrictions logged in. Is there a way to do this in ZCM 11? I looked in ZCC, and I can't see any option for this. FYI, we are using ZCM 11.2.2 MU 2.
    Rick P.
    Walla Walla Public Schools

    Originally Posted by craig_wilson
    Kevin,
    Whoever told you that was clueless about GPOs.
    User GPOs are removed at Logout.
    Device GPOs are removed at Shutdown.
    They are removed by Re-Applying the "Blank" GPOs located in
    %zenworks_home%\bin\cachefiles\Orginal_GPO
    (Or something like that w/o looking.)
    These will only exist if a GPO is in place.
    It would be possible to replace those GPO files with your locked down
    files so when User/Machine GPOs are replaced with the "Blank" one, they
    are actually using a Strong GPO.
    On 2/15/2013 7:06 PM, RPummel wrote:
    >
    > kjhurni;2247277 Wrote:
    >> I was told the policies were cached and would remain in effect unless a
    >> new user with a DIFF policy logged in.
    >>
    >> I'll have to dig up my old emails as this was like over a year ago.
    >
    > This may be the theory, but it is not what we have observed in
    > practice.
    >
    > Rick
    >
    >
    Craig Wilson - MCNE, MCSE, CCNA
    Novell Knowledge Partner
    Novell does not officially monitor these forums.
    Suggestions/Opinions/Statements made by me are solely my own.
    These thoughts may not be shared by either Novell or any rational human.
    Thanks Craig. Too bad it doesn't remain in effect on logout. Seems like a glaring security hole, IMO compared to how MS does it. OR how ZFD used to do it.
    Guess an RMS is in order?
