Hello,
I have a problem with users being "logged in" for long periods of time.
I set up sort of a ticketing system where users can send various requests to change their shifts (plus time, minus time, doctor's appointment etc.), which can then be approved/denied by a team leader or staff planners.
When a user opens the main index.php, the Apache server fetches the visitor's NT-User from the AD controller. The NT-User is then checked against a list of staff planners and team leaders and redirected accordingly (index_staffplanner or index_teamleader). If the user is in neither list, he gets redirected to index_user.
Take note that the users are just checked against an editable list of NT-Usernames, not against actual Couch users. In fact, the only existing Couch user is the main superadmin account.
At first I had an issue with users bookmarking the index_user page directly (because they would skip the "get the current NTUser" script and would show up as "empty" users). However, I managed to solve this by redirecting the visitor to the main index site if the user cookie was empty. This works like a charm now.
However, not all users reset their PC daily and most of them just keep the page open. The page itself refreshes every 60 seconds. However, when a user has been logged on for a long time (I think it's 24 hours), there are two problems:
1) If he creates a new ticket (which uses databound forms) and hits submit, the "Security tokens do not tally for executing this action" error gets thrown.
2) Statuses of existing tickets aren't updated properly, even after hitting F5: an already denied ticket, e.g., would still show up as "open" for the user (status display is basically a simple <cms:show status /> for each ticket; each ticket is a cloned page). This is especially baffling to me and might be an unrelated caching issue. However, opening the proper index.php fixed the problem.
My question now is: can I somehow tell Couch to redirect back to index.php if the security token has expired, or can I disable the function altogether and allow databound forms to be submitted no matter what?