Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Major Major
    • Resolution: Incomplete
    • Affects Version/s: Release 09.04, Release 10.04
    • Fix Version/s: None
    • Component/s: ALL COMPONENTS
    • Labels:
    • Environment:

      Windows 2003 Server. Apache Ofbiz 2004 and Ofbiz 10

      Description

      Logout method do not disable autoLogin functionality. Instead of that it just initializes autoLogin in session and request.

      It have to be replace autoLoginCheck for autoLoginRemove inside of logout method.

      LoginEvents/LoginWorker.java
      public static String logout(HttpServletRequest request, HttpServletResponse response) {
      	// invalidate the security group list cache
      	GenericValue userLogin = (GenericValue) request.getSession().getAttribute("userLogin");
      	String returnValue = "success";
      	if (request.getAttribute("_AUTO_LOGIN_LOGOUT_") == null) {
      		try {
      			returnValue = autoLoginRemove(request, response);
      		} catch (IOException e) {
      			Debug.logWarning(e, "", module);
      		}
      	}
      	// log out from all other sessions too; do this here so that it is only done when a user explicitly logs out
      	logoutFromAllSessions(userLogin);
      
      	doBasicLogout(userLogin, request);
      
      	return returnValue;
      }
      

        Activity

          People

          • Assignee:
            Jacques Le Roux
            Reporter:
            Roberto Benítez Monje
          • Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Time Tracking

              Estimated:
              Original Estimate - 70,056h
              70,056h
              Remaining:
              Remaining Estimate - 70,056h
              70,056h
              Logged:
              Time Spent - Not Specified
              Not Specified

                Development