You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@sling.apache.org by "Eric Norman (JIRA)" <ji...@apache.org> on 2010/10/19 07:05:12 UTC

[jira] Created: (SLING-1847) Redirect after logout does not work with form authentication

Redirect after logout does not work with form authentication
------------------------------------------------------------

                 Key: SLING-1847
                 URL: https://issues.apache.org/jira/browse/SLING-1847
             Project: Sling
          Issue Type: Bug
          Components: Authentication
    Affects Versions: Auth Core 1.0.2, Form Based Authentication 1.0.0
            Reporter: Eric Norman


The redirectAfterLogout method of org.apache.sling.auth.core.impl.SlingAuthenticator is looking for a request attribute or parameter named "resource" to decide where to redirect after logout.

But, if there is a request parameter named "resource" on the request, the request never makes it to the LogoutServlet because the authenticationSucceeded method of the FormAuthenticationHandler is also looking for a request parameter with the same name and immediately redirecting to the specified resource which terminates the rest of the request processing.  The user is never logged out before redirecting to the resource.


-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.