XQuery/Login and Logout

Motivation
You want to log users into the system and log them out.

Method
We will use the following functions to create login and logout forms:

xmldb:login($collection, $user, $password, true) session:create session:invalidate

Logging In
To login we need to first create a new session and then use this session to store our login information:

session:create xmldb:login($collection, $user, $password, true)

This changes the effective user executing the current query and stores that user information into the HTTP session, so subsequent queries within the same session will also execute with the same user rights. Note that you must use "true" as the fourth argument to the login function.

Logging Out
To log a user out use:

session:invalidate

as well as session:clear will remove the user binding from the session, which means that the next call to the query will run as guest. However, the currently executing query will still use the old non-guest user until it completes.

In this example we have both call to xdb:login as guest and session:invalidate. We want to do both, clear the session for future queries as well as reset the current user for the rest of the query.

Timeout setting
You can also change the default timeout setting by changing the Jetty configuration file here:

$EXIST_HOME/tools/jetty/etc/webdefault.xml

By default the configuration files sets the session timeout to 30 minutes:

Note:

In the future there may be xmldb:logout function which combines both steps. Another approach could be to handle the login/ logout within a controller.xql and thus separate it from the main query.