[Reactive Web] Run action On Logout events, close browser, timeouts, etc.

Hello everyone

I was wondering if there are reliable ways to know when a user's session has finished so I can trigger an action to delete a row off a database.

 The reason why is because we have a whole ecosystem of apps in Outsystems and the requirement is that one of them has 2 factor authentication. 

The implementation of 2FA was rather straight forward, but since it's a whole ecosystem, you could go into another application, log in there, and then navigate to our application and bypass 2FA. 

My idea was to create a row in a table, saying when was the last time that user passed 2FA, and delete this row when user logs out. Adding the delete action on the Logout action is easy, but that's the best case scenario when the User logs out manually. It doesn't cover the 'automatic' log outs: close the browser, shut down the computer, idle session time out. 

Any ideas on how to deal with this?

Hi Mariano,

you need to add a JS node on layout level on initialise and configure session time out as input may be from site-property and write timeout function and once time is over call any actions having event inside. So for that event, we need to write handler and write logic as per requirements.


Hi Mariano,

this is not an answer to your question, but maybe offers a different approach.  

Are you using the standard OS Users application as your user provider ?

How about, on entering each screen of your modules that should be protected behind 2FA, if the user is already logged in, you compare the last time the 2FA was executed (that row you create in your own custom table) to the last time this user has logged in (in the Users entity).  Would that not give you the information you need without having to rely on correctly capturing all types of logouts ?

If the last login is later than let's say last 2FA + 2 seconds (or even less than 2 seconds, maybe), you can log them out and force them to do a full 2FA login.

Dorine

Community GuidelinesBe kind and respectful, give credit to the original source of content, and search for duplicates before posting.