URL: https://github.com/freeipa/freeipa/pull/485
Author: simo5
 Title: #485: Fix session logout
Action: opened

PR body:
"""
There were 2 issues with session logouts, one is that the logout_cookie
was checked and acted on in the wrong place, the other is that the wrong
value was set in the IPASESSION header.

Fixes https://fedorahosted.org/freeipa/ticket/6685

Signed-off-by: Simo Sorce <s...@redhat.com>
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/485/head:pr485
git checkout pr485
From 85eb3103c04e6e125bdb1d09caed6a94580a7592 Mon Sep 17 00:00:00 2001
From: Simo Sorce <s...@redhat.com>
Date: Mon, 20 Feb 2017 12:38:11 -0500
Subject: [PATCH] Fix session logout

There were 2 issues with session logouts, one is that the logout_cookie
was checked and acted on in the wrong place, the other is that the wrong
value was set in the IPASESSION header.

Fixes https://fedorahosted.org/freeipa/ticket/6685

Signed-off-by: Simo Sorce <s...@redhat.com>
---
 ipaserver/plugins/session.py | 2 +-
 ipaserver/rpcserver.py       | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/ipaserver/plugins/session.py b/ipaserver/plugins/session.py
index 8e480ed..a049cd9 100644
--- a/ipaserver/plugins/session.py
+++ b/ipaserver/plugins/session.py
@@ -23,6 +23,6 @@ def execute(self, *args, **options):
         else:
             delattr(context, 'ccache_name')
 
-        setattr(context, 'logout_cookie', '')
+        setattr(context, 'logout_cookie', 'MagBearerToken=')
 
         return dict(result=None)
diff --git a/ipaserver/rpcserver.py b/ipaserver/rpcserver.py
index f5c520f..25f2740 100644
--- a/ipaserver/rpcserver.py
+++ b/ipaserver/rpcserver.py
@@ -434,6 +434,10 @@ def __call__(self, environ, start_response):
             response = status.encode('utf-8')
             headers = [('Content-Type', 'text/plain; charset=utf-8')]
 
+        logout_cookie = getattr(context, 'logout_cookie', None)
+        if logout_cookie is not None:
+            headers.append(('IPASESSION', logout_cookie))
+
         start_response(status, headers)
         return [response]
 
@@ -639,10 +643,6 @@ def __call__(self, environ, start_response):
 
             return self.marshal(None, CCacheError())
 
-        logout_cookie = getattr(context, 'logout_cookie', None)
-        if logout_cookie:
-            self.headers.append(('IPASESSION', logout_cookie))
-
         try:
             self.create_context(ccache=user_ccache)
             response = super(KerberosWSGIExecutioner, self).__call__(
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to