You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@sling.apache.org by "Eric Norman (JIRA)" <ji...@apache.org> on 2010/10/19 07:05:12 UTC
[jira] Created: (SLING-1847) Redirect after logout does not work
with form authentication
Redirect after logout does not work with form authentication
------------------------------------------------------------
Key: SLING-1847
URL: https://issues.apache.org/jira/browse/SLING-1847
Project: Sling
Issue Type: Bug
Components: Authentication
Affects Versions: Auth Core 1.0.2, Form Based Authentication 1.0.0
Reporter: Eric Norman
The redirectAfterLogout method of org.apache.sling.auth.core.impl.SlingAuthenticator is looking for a request attribute or parameter named "resource" to decide where to redirect after logout.
But, if there is a request parameter named "resource" on the request, the request never makes it to the LogoutServlet because the authenticationSucceeded method of the FormAuthenticationHandler is also looking for a request parameter with the same name and immediately redirecting to the specified resource which terminates the rest of the request processing. The user is never logged out before redirecting to the resource.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.