Source: dacs Version: 1.4.27b-2 Severity: wishlist Hello,
Thank you for maintaining dacs. Today I have implemented logging a user out of all our DACS sites. An example use case for it would be making sure that access is completely revoked before allowing another family member to use my computer. Since we do not have a single global cookie, but do auth transfer across sites, logging out means giving each site a chance to talk to the browser to expire its cookie. My first idea was to build a redirect chain and then redirect to something like this: https://site1/dacs_signout?next=http%3A//site/dacs_signout2%3Fnext%3Dhttp%253A//site3/dacs_signout But dacs_signout does not support beign passed a redirect url, and only redirects to a single url as set in DACS configuration. So, in my logout page, I created a cookie that contains the list of dacs_signout urls to be visited, and then I rely on dacs_signout always redirecting to my logout page. That almost worked, but the redirect dance stops at the first site for which the user had not transferred credentials: in that case, dacs_signout would show an explanatory page, breaking the redirect chain. In the end, I implemented a dacs_signout wrapper, which checks if the user if logged in before redirecting to dacs_signout. If the user was not logged in, it redirects directly back to the logout page. It works, but it means that logging out can require up to 3 redirect steps for each domain to which we can potentially transfer auth. If I could pass a redirect url to dacs_signout, and have it called anyway, whether the user was logged in or not, then logging out could require 1 redirect step per domain, with each dacs_signout redirecting to the next dacs_signout in the chain, and that would be the optimal numoer of redirects, since we do need to visit each domain at least once. Ciao, Enrico -- System Information: Debian Release: jessie/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.12-1-amd64 (SMP w/4 CPU cores) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]

