Jump to content

SSO and logout

Isabella Eistetter

Recommended Posts


When you have implemented SSO through a third party login service and the user logout from the SSO system, the session in Invision keeps alive. So the user is still logged in Invision and it could be a security problem for us in some scenarios.

Is there any way (through API call or configuration in invision's control panel) to close the invision's session or to sync the SSO session with the Invision session?

Thank you

Link to comment
Share on other sites

In that case, there's not going to be a direct built in way to notify the software that the user has logged out. Most likely, you will need to create a plugin on \IPS\Session\Front (the read() method in my experience) to check for session validity. The simplest method usually involves looking for a cookie from the front end, and assuming the user is logged out if it is not present.

Link to comment
Share on other sites


This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...