Logged In As Deleted User

Small item … I’ll give an example scenario …

If you’re logged in as admin and delete the admin account, you’ll still be logged into the admin account, (even though you just deleted it). After doing so, I will still able to continue making changes and functioning normally under the admin account.

I’m using Ignition 7.0.0.4408 under Windows Server 2003.

Yes, I suppose that is true. Our authentication profiles don’t really have any sort of callback mechanism to notify Ignition of when a user has been deleted. One thing I have seen customers do is to use the inactivity timer to log a user out or to switch the user to a lesser-priviledged user. This can help, although doesn’t really get directly at the issue you brought up.

I guess we could start polling the authentication profile while a user is logged-in to make sure that a user’s credentials are still valid…not a bad idea.

If you mean polling at timed intervals, I wouldn’t think that’d be necessary … Couldn’t you just validate the user upon each interaction, (i.e. each HTTP GET/POST) … ?

That would be horrendously slow. You’re probably using an internal authentication profile so you might not see any sort of delay, but use an Active Directory profile and you’ll realize that thats not a very good idea.

Indeed I am! Couldn’t you use cookies or other methods of authentication revolving around the HTTP protocol?

Regardless, I’m sure you’ll have a stroke of genius and figure something out!

Yeah, we’ll work something out… I’m just saying - we can’t go ping the auth profile every http request (the client generates about 5/second)

Ah, I see … I was only thinking within the realm of Gateway’s web interface … I haven’t even dug into the various modules!