18.7 Manually Expiring Sessions
In some cases developers might want to expire a session manually. This is useful, for example, after a user has logged out, as it frees all the memory that was allocated during the session. More importantly, it makes it impossible to use the Back button to get into the previously authenticated user account and do something malicious.
A session can be marked for expiry by sending the message WASession>>expire to a WASession. Note that calling expire will not cause the session to disappear immediately; it is just marked as expired and is no longer accessible from the web. At a later point in time Seaside will call unregistered and the garbage collector eventually frees the occupied memory.
Let us apply it to our hotel application: we change our MiniInn application to automatically expire the session when the user logs out.
InnSession>>logout
    "Forget the logged-in user and mark this session as expired."
    user := nil.
    self expire
Note that expiring a session without redirecting the user to a different location will automatically start a new session within the same application. Here we change that behavior to make it point to the Seaside web site as follows.
InnSession>>logout
    "Forget the user, mark the session as expired and send the browser to the Seaside web site."
    user := nil.
    self expire.
    self redirectTo: 'http://www.seaside.st'
If the user tries to get back to the application, he is automatically redirected to a new session.
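The lifecycle described in this section can be modelled in Python. This is an added example, not Seaside code and not taken from the book. It shows that expire only marks the session, that a replayed request carrying the old session key gets a fresh unauthenticated session, and that memory is released later. The names Application, handle, reap and back_button_replay are assumptions made for the model.

```python
import secrets

class Session:
    def __init__(self):
        self.key = secrets.token_urlsafe(16)   # constructed session key
        self.user = None
        self.expired = False
        self.unregistered_called = False

    def expire(self):
        # Marks the session only; nothing is freed at this point.
        self.expired = True

    def unregistered(self):
        # Hook invoked later, when the application drops the session.
        self.unregistered_called = True

class Application:
    def __init__(self):
        self.sessions = {}

    def new_session(self):
        s = Session()
        self.sessions[s.key] = s
        return s

    def handle(self, key):
        # An unknown or expired key never reaches the old session state.
        s = self.sessions.get(key)
        return self.new_session() if s is None or s.expired else s

    def logout(self, s):
        s.user = None
        s.expire()

    def reap(self):
        # Deferred cleanup: unregister expired sessions so memory can be freed.
        for key in [k for k, s in self.sessions.items() if s.expired]:
            self.sessions.pop(key).unregistered()

def back_button_replay():
    app = Application()
    s = app.new_session()
    s.user = "alice"                              # constructed sample user
    old_key = s.key
    app.logout(s)
    still_registered = old_key in app.sessions    # marked, not yet removed
    replayed = app.handle(old_key)                # Back button reuses old key
    app.reap()
    return (still_registered, replayed is s, replayed.user,
            s.unregistered_called, old_key in app.sessions)
```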