sessionexpire

sessionexpire — Expires one or more sessions that a user has active within the system. This can be used to log a user out of any browsers they are logged in from, as well as to cancel any sessions created with the sessionexpire mode.

Mode Description

Expires one or more sessions that a user has active within the system. This can be used to log a user out of any browsers they are logged in from, as well as to cancel any sessions created with the sessionexpire mode.

Arguments

mode

The protocol request mode: sessionexpire

user

Username. Leading and trailing whitespace is ignored, as is case.

auth_method

The authentication method used for this request. Default is 'clear', for plain-text authentication. 'cookie' or any of the challenge-response methods are also acceptable.

password

Deprecated. Password in plain-text. For the default authentication method, either this needs to be sent, or hpassword.

hpassword

Deprecated. Alternative to plain-text password. Password as an MD5 hex digest. Not perfectly secure, but defeats the most simple of network sniffers.

auth_challenge

If using challenge-response authentication, this should be the challenge that was generated for your client.

auth_response

If using challenge-response authentication, this should be the response hash you generate based on the challenge's formula.

ver

(Optional) Protocol version supported by the client; assumed to be 0 if not specified. See Chapter 27, Protocol Versions for details on the protocol version.

expireall

(Optional) If present and true, will expire all of a user's sessions.

expire_id_num

(Optional) If present and true, will expire the session with id num. You can get the id of a session from the third element of the session: ws:username:session_id:auth_code.

Return Values

success

OK on success or FAIL when there's an error. When there's an error, see errmsg for the error text. The absence of this variable should also be considered an error.

errmsg

The error message if success was FAIL, not present if OK. If the success variable is not present, this variable most likely will not be either (in the case of a server error), and clients should just report "Server Error, try again later.".