cross
New Foswiki release 2.1.6 is available with important security fixes.
Sourceforge foswiki email lists being discontinued. Subscribe to the new Foswiki announce and discuss lists at MailingLists
You are here: Foswiki>Tasks Web>Item11904 (02 Dec 2012, GeorgeClark)Edit Attach

Item11904: Split out logout code from LoginManager

pencil
Priority: Enhancement
Current State: Closed
Released In: 1.1.6
Target Release: patch
Applies To: Engine
Component:
Branches: Release01x01 trunk
Reported By: ArthurClemens
Waiting For:
Last Change By: GeorgeClark
I am updating a client-built LoginManager subclass, based on ApacheLogin. It needs to perform some actions on logout: clear cookie, go to a specific address to log off completely. Currently there is a long subroutine "loadSession" in LoginManager. Instead of copying it and changing a couple of lines, I think it is better to let LoginManager.pm have a _logout routine and override this.

So this code would get repositioned (line 433-460 in release branche):
_trace( $this, "User is logging out" );
$session->logEvent( 'logout', ' ',
    "AUTHENTICATION LOGOUT - $authUser - " );

#TODO: consider if we should risk passing on the urlparams on logout
my $path_info = $session->{request}->path_info();
if ( my $topic = $session->{request}->param('topic') )
{    #we should at least respect the ?topic= request
    my $topicRequest = Foswiki::Sandbox::untaintUnchecked(
        $session->{request}->param('topic') );
    my ( $web, $topic ) =
      $this->{session}
      ->normalizeWebTopicName( undef, $topicRequest );
    $path_info = '/' . $web . '/' . $topic;
}

my $redirectUrl;
if ($path_info) {
    $redirectUrl = $session->{request}->url() . $path_info;
}
else {
    $redirectUrl = $session->{request}->referer();
}

#lets avoid infinite loops
$session->{request}->delete('logout');
$authUser = $defaultUser;
$session->redirect( $redirectUrl, 0 );

-- ArthurClemens - 29 May 2012

By convention the subroutines starting with an underscore are meant for local use only. So requiring to override an underscore method is a bit odd. Naming it differently would help.

-- MichaelDaum - 30 May 2012

I agree. It is now redirectToLoggedOutUrl.

-- ArthurClemens - 30 May 2012

 
Topic revision: r9 - 02 Dec 2012, GeorgeClark - This page was cached on 22 Mar 2018 - 17:47.

The copyright of the content on this website is held by the contributing authors, except where stated elsewhere. See Copyright Statement. Creative Commons License