1 Reply Latest reply on Jul 13, 2009 8:22 AM by jbenson@oper8

    AirBrowser - How to clear existing session value?

    Subbu-AE-LR

      Hi,
      We face the below-mentioned problem. It would be great if someone could help us.

       

      Due to problems with uploading the attachment here, please send an email to the following email ID (adobeattachments@gmail.com) and I shall send the attachment in response.

       

      WebKit Browser is using existing session data. Browser retains session history and is a security concern.

       

      * Steps to Reproduce:
      1. Install AirBrowser.air and execute code.
      2. First go to yahoomail.com and login to an email account.
      3. In URL type Google.com
      4. After the page gets loaded, click browser "Back". Yahoo email Session will still be retained.

       

      * Actual Result:
      Yahoo Login Session is maintained

       

      * Expected Result:
      Yahoo Login Session to be cleared. Or, Warning Page should be shown.

       

      * Any Workarounds: None

       

      Thanks in advance.

        • 1. Re: AirBrowser - How to clear existing session value?
          jbenson@oper8 Level 2

          After looking at your code, the behaviour you're experiencing is expected.

           

          AIR uses the WebKit browser and therefore when you open a web page (like in your example) you are essentially opening a page in a browser within your application. The web server defines a unique session ID for your visit (and stores cookies etc). When you go to Yahoo, then visit Google, then go back to Yahoo, the cookies or session continue to identify you and therefore Yahoo automatically takes you to your mail or other Yahoo-specific page.

           

          The last I checked, AIR cookies are operating system cookies. At present I think IE also stores its cookies that way. So clearing IE's cookies should affect Adobe AIR as well. (This behaviour is not so well documented and it's one of the places I hope the docs improve upon.)

           

          If your application was for a public internet terminal you would want to warn people to log out of their accounts before leaving the system. (However this kind of warning would be standard anyway I would hope.)

           

          I hope that helps.