+ Start a Discussion
zachzach 

Is it possible to log someone out and then log someone in on an s-control?

Wierd question, but here's what I'm trying to do...

I have an s-control that allows users to link accounts with account essentials (in a custom object called account essentials relationship).  The problem I'm running into is that the objects/fields I'm calling from Account have custome indexes and in order to view custom indexed fields you must have view all data permissions.  The people running this s-control will not have view all data permissions.

So, what I'd like to do is when the page loads, save the current user's getUserInfo() information to a global variable & then log that person out, log in another user who has view all data permissions, and run the s-control.

The reason I want to save the user's information is because there is a date/time/user stamp put on the additions/deletions/changes made to the account essentials relationship object and I want that stamp to contain the person's info that initially ran the report... Not the secondary user who has view all data permissions.

Anyway, the short of it is I'd like to know if there's a way to logout one user and log in another user without the first user actually knowing about it.

Thanks,
-Zach
DevAngelDevAngel
Hi zach,

You don't actually have to log them out to run an scontrol in the context of another user.  You can just use the login call since the ajax toolkit doesn't consume or update the browser cookie values that hold the current user session information.

The big problem as I see it is how to protect the login credentials for your view all data user.  Javascript is not secure and to log in the view all data user you would need to code the username and password into your javascript.
zachzach
Thanks for the reply & we've set up a dummy user that has view all data permissions, but is locked down to only see the tables that are accessed in this s-control.  So, if I just call sforceClient.login() with the dummy user's username and password it should be fine?

Thanks,
-Zach
DevAngelDevAngel
Sure.  As I mentioned, the toolkit is not aware of or influence the user session on the browser.

Cheers