[SLING-1847] Redirect after logout does not work with form authentication - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: Form Based Authentication 1.0.0, Auth Core 1.0.2
Fix Version/s: Form Based Authentication 1.0.4
Component/s: Authentication
Labels:
None

Description

The redirectAfterLogout method of org.apache.sling.auth.core.impl.SlingAuthenticator is looking for a request attribute or parameter named "resource" to decide where to redirect after logout.

But, if there is a request parameter named "resource" on the request, the request never makes it to the LogoutServlet because the authenticationSucceeded method of the FormAuthenticationHandler is also looking for a request parameter with the same name and immediately redirecting to the specified resource which terminates the rest of the request processing. The user is never logged out before redirecting to the resource.

Attachments

Activity

People

Assignee:: Eric Norman

Reporter:: Eric Norman

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 19/Oct/10 05:03

Updated:: 20/Sep/19 11:34

Resolved:: 29/Mar/11 06:37