That's great. The next step is when user logout, as you see when dashboard user logout, we need to clear the $_SESSION["login_id"]
. We do it by following:
1) Create your own MyLogin page which inherited from our Login page and adding further actionLogout
class MyLogin extends \koolreport\dashboard\pages\Login
{
protected function actionLogout($request, $response) {
parent::actionLogout($request,$response);
$_SESSION["login_id"] = null;
// unset($_SESSION["login_id"]); // or this code
}
}
2) Now in your App of dashboard, you use MyLogin instead of our Login inside login()
method:
protected function login()
{
return MyLogin::create()->authenticate(...);
}
So basically, when user hit logout, the session value will be removed and user could not access the report inside iframe directly.
Hope that helps.