unable to load xas/ status:401 in IE

2
Hi there, I use a java action to log a user out. private boolean forceSessionLogoff(String username, String fingerprint) { String basemsg = String.format("Received logoff request for '%s' with fingerprint '%s'... ", username, fingerprint); System.out.print(basemsg); ISession session = Core.getActiveSession(username);; if (session==null) { System.out.print("Ignoring user"); return false; } else { Core.logout(session); return true; } } Then I use a URLRedirector to redirect to the application URL to force a refresh. In Internet Explorer 10 (and some previous versions), right after the show form action for the re director, this error pops up. No console error is visible only the popup. Any possible solutions? Thanks,
asked
5 answers
2

Do you have anonymous users enabled as well as the form with the URLRedirector widget the appropriate access to the user role that anon users have? I have a similar feature in my application that works.

And not much different, but I think it's better to log out based on context versus a string username (unless you are having users log other users out of the application):

IContext context = this.getContext();
ISession session = context.getSession();
Core.logout(session);
answered
2

The issue has to do in the communication between the Mendix Business server and the browser. The Mendix client is pull-based, so the initiative to execute actions is by the client and not from the server.

I understand why you want to logout with a microflow, because it styles the best in the forms, instead of the Mendix specific buttons. But when you logout a session in the Java code, the session will removed on the server side, but the browser will never get the info that his session is removed. Redirecting with a widget is a solution, but not the best one, because the client still haves his session (removed on the server) in cache and tries to get info from the server with that session.

The best thing to do is to let the client logout and then reopen the application again. Unfortunately there isn't a widget yet that supports that feature. I ask you to fill a feature request to have that widget build.

answered
2

From Mendix 5.0.0 and up we will support adding logout feedback when you log out using a Java action. This means that the client will be notified if it has triggered the logout action itself (using a microflow calling the Java action). Note that in your code example this does not apply, since you're obtaining some logged in session and are logging that out. If you look at Joël's answer you will see an explanation for that.

But anyway, if the client does trigger its own logout using a button, the code would look something like this:

    IContext context = this.getContext();
    Core.logout(context.getSession());
    FeedbackHelper.addLogoutFeedback(context);
answered
0

Any news on this issue?

I encounter same error. Checked that anonymous users are enabled and that form is visible for anonymous user role.

answered
0

I don't see the point of this complexity. Let me explain...

In the scenario where you enable anonymous access so the (logged-out) user can access your form with the url-redirector, their user session is logged out, then they connect as an anonymous user (still consuming a license), then you redirect them, and eventually your new anonymous session will expire and get removed.

If you do not bother to log them out, but just use the url-redirector to send them away from your application, their active user session will eventually expire and get removed. From a license consumption perspective, this is the same as the first scenario. In both cases you will end up waiting for a session to expire and get removed.

The only way to immediately remove a session is to log the user out, which will return them to the login page. As far as I know there is currently no way to both log them out and redirect them. Wouldn't it be nice to be able to specify which url to go to on logout?

Has anyone found a way around this issue?

answered