In some cases developers might want to expire a session manually. This is useful for example after a user has logged out, as it frees all the memory that was allocated during the session. More important it makes it impossible to use the Back button to get into the previously authenticated user-account and do something malicious.
A session can be marked for expiry by sending the message
WASession>>expire to a
WASession. Note that calling
expire will not cause the session to disappear immediately, it is just marked as expired and not accessible from the web anymore. At a later point in time Seaside will call
unregistered and the garbage collector eventually frees the occupied memory.
Let us apply it to our hotel application: we change our MiniInn application to automatically expire the session when the user logs out.
user := nil.
Note that expiring a session without redirecting the user to a different location will automatically start a new session within the same application. Here we change that behavior to make it point to the Seaside web site as follows.
user := nil.
self redirectTo: 'http://www.seaside.st'
If the user tries to get back to the application, he is automatically redirected to a new session.