guacamole-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mike Jumper <mjum...@apache.org>
Subject Re: Not clearing browser cache
Date Fri, 28 Jun 2019 17:49:26 GMT
On Fri, Jun 28, 2019, 07:34 sciUser <shulbert@securitycentric.net> wrote:

> Hello
>
> Find the main index.html (located in the tomcat / guacamole directory) and
> just after the header add java code to delete cookies.
>

Please do not do this.

First, if the intent is that auth data is not stored, there is a mechanism
for this already. There is need for such a hack. See below.

Second, Guacamole does not use cookies for authentication since 1.0.0. This
will have no effect.

I use this so when if the browser is closed or refreshed the cookies are
> gone and the user needs re-authentication.


If the intent is to not store auth data such each new tab will effectively
have its own session, the mechanism provided for this is the anonymous user
identifier:

http://guacamole.apache.org/doc/guacamole-ext/org/apache/guacamole/net/auth/AuthenticatedUser.html#ANONYMOUS_IDENTIFIER

A user authenticated as having the username "" will be rendered differently
and their session token will be stored only in memory.

- Mike

Mime
View raw message