 |
|
Item13400: Logout fails to consider {ForceDefaultUrlHost} when redirecting after logout
Priority: Urgent
Current State: Closed
Released In: 2.0.0
Target Release: major
Current State: Closed
Released In: 2.0.0
Target Release: major
jomo, regarding the unsafe redirect ... The redirect is done by lib/Foswiki/LoginManager sub redirectToLoggedOutUrl {
It generates the rdirect using: $redirectUrl = $session->{request}->url() . $path_info; or $redirectUrl = $session->{request}->referer(); (if no path_info available)
You might add some debug print statements there to see what's in the url() and referrer() fields. I'm guessing that's where it's going awry for you. [01:20]
I don't have a proxy setup to try though so I'm not sure how to fix. it. [01:30]
jomo you could try changing:
- $redirectUrl = $session->{request}->url() . $path_info;
+ $redirectUrl = $session->{urlHost} . $path_info; [01:46]
...
jomo gac410: As usually, you found the bug. ;)
Changing the
- $redirectUrl = $session->{request}->url() . $path_info;
+ $redirectUrl = $session->{urlHost} . $path_info;
jomo helped - not the logout is OK . ;)
s/not/now/
thanx ;)
I'm not ready to check in a fix here because I'm unsure of how to handle the redirect to the "referrer", and when that use case occurs.
Crawford, Setting it waiting for your feedback. Do you have any wisdom about when referrer would be used during logout, vs. pathinfo. Code in LoginManger.pm around line 650:
my $redirectUrl;
if ($path_info) {
$redirectUrl = $session->{request}->url() . $path_info;
}
else {
$redirectUrl = $session->{request}->referer();
}
The fix I asked jomo to try unconditionally replaced the $session->{request}->url() with the $session->{urlHost}, For a releasable fix, I'm considering:
If ={ForceDefaultUrlHost}=,
ignore the current path_info & referrer considerations, and just use the ={urlHost} for the redirect,
else
use the current logic.
-- GeorgeClark - 09 May 2015
Checked in a fix, I think it should be fine.
-- GeorgeClark - 10 May 2015
Yes, that makes sense.
-- Main.CrawfordCurrie - 17 May 2015 - 12:22
ItemTemplate edit
| Summary | Logout fails to consider {ForceDefaultUrlHost} when redirecting after logout |
| ReportedBy | GeorgeClark |
| Codebase | 1.2.0 beta1, 1.1.9, trunk |
| SVN Range | |
| AppliesTo | Engine |
| Component | LoginManager |
| Priority | Urgent |
| CurrentState | Closed |
| WaitingFor | |
| Checkins | distro:a21dc67410ed |
| TargetRelease | major |
| ReleasedIn | 2.0.0 |
| CheckinsOnBranches | master |
| trunkCheckins | |
| masterCheckins | distro:a21dc67410ed |
| ItemBranchCheckins | |
| Release01x01Checkins |
Edit | Attach | Print version | History: r4 < r3 < r2 < r1 | Backlinks | View wiki text | Edit wiki text | More topic actions
Topic revision: r4 - 05 Jul 2015, GeorgeClark
The copyright of the content on this website is held by the contributing authors, except where stated elsewhere. See Copyright Statement. 
Legal Imprint Privacy Policy
Legal Imprint Privacy Policy