Has anyone figured out a reliable method to re-authenticate a user in Perspective (e.g., log in as a different user) without triggering a full project reload or creating a new session?
I know system.perspective.login() kicks off a new session under the hood, which is by design. But in real-world workflows—especially operator handoff or station re-authentication—it’s pretty disruptive to fully reload the view.
Anyone got a clever workaround? Even something unsupported-but-works?
Would love to hear how others have handled this—especially in 24/7 HMI control room settings where seamless transitions are key. Clients within the security zone can open the project, but can’t do anything until logged in. Logging in returns to the start view.
This is one of my largest roadblocks to using Perspective (besides the drawing tools) that's held us back from recommending it to customers, due to the blindness of switching users on continuous operations and needing to have visibility all the time. Ideally I'd like to see a popup window where the user can log in and then the screens all "refresh" similar to Vision to update the security context.
Considering the likely need to ensure control room operations are permitted only on those control room systems, I can't recommend Perspective in that role. (Yet.)
Not that I am saying this is the right solution if a solution at all, but something that popped in my head. Could you create your own authentication driven by custom session properties? Then, it's dependent on the session and does not utilize the built-in functions that force a new session.
You're going to have to elaborate more. Authentication is driven through the IdP, which needs to be displayed in a window of some sort. If this popped up in a separate popup window, that would be ideal, but I don't know how any custom session properties would accomplish anything like this.
Let's say we have a custom session property object named authenticated_user. If you have an external user source, you could query the database with usernames and passwords with a prepared sql query and then if their given credentials match, set the property manually. Then have bindings if the authenticated_user exists to show/hide certain things based on the roles they have assigned.
I'll take a magic wand if you have a stock of them somewhere...
In this theoretical you would maintain authorization yourself and not use the built-in features, but it at least allows the built-in security to be used in all other implementations on the Gateway where you don't have this case.
Create a view with a button that calls system.perspective.login(). Add the view to your page config.
Create a view with an inline frame component with the page you created as the source URL. If you have multiple gateways, just build up the URL with an expression and session.props.gateway.address.
Create a button on your menu or wherever you want to login that calls the second view as a popup.
The inline frame opens another page in the same session (as long as it's part of the same project), so you can sign in inside the popup. Only the iframe in the popup will reload but the whole session will be authenticated. This allows you to log in without losing visibility of any plant.
This works with the Ignition IDP, I haven't tested it with other IDPs.
