VuFind
  1. VuFind
  2. VUFIND-1020

Logging out strips GET parameters

    Details

    • Type: Bug Bug
    • Status: Resolved
    • Priority: Minor Minor
    • Resolution: Fixed
    • Affects Version/s: 2.3
    • Fix Version/s: 2.3.1
    • Component/s: User Interface
    • Labels:
      None

      Description

      If you log out while on a page whose URL contains GET parameters, those parameters will be stripped off after logging out. For example:

      1.) Do a search for “test”
      2.) Log in
      3.) Log out
      4.) You’re now on the results page for a blank search

      This is not desirable behavior -- we should retain parameters.

        Activity

        Hide
        Anna Headley added a comment -
        Demian, I think you're right this must have been about stripping the login method parameters, which I am guessing were causing the user to just be logged in again immediately, thereby making logout have no effect.
        Show
        Anna Headley added a comment - Demian, I think you're right this must have been about stripping the login method parameters, which I am guessing were causing the user to just be logged in again immediately, thereby making logout have no effect.
        Hide
        Demian Katz added a comment -
        Can you think of an easy way to test that theory off the top of your head? (If not, I'll play around myself... I assume there's probably something I can do with Shibboleth, but not sure if I'll see the same behavior with my fake Shib as you would with the real thing).
        Show
        Demian Katz added a comment - Can you think of an easy way to test that theory off the top of your head? (If not, I'll play around myself... I assume there's probably something I can do with Shibboleth, but not sure if I'll see the same behavior with my fake Shib as you would with the real thing).
        Hide
        Anna Headley added a comment -
        I think logging in via shib (you should see the parameters in your url bar) and then immediately logging out again would do it.
        Show
        Anna Headley added a comment - I think logging in via shib (you should see the parameters in your url bar) and then immediately logging out again would do it.
        Hide
        Demian Katz added a comment -
        Hmm, no, not with my fake Shib, anyway. I turned on ChoiceAuth with Database and Shib, performed a search, logged in to Shib, and found myself redirected back to my search results with no additional GET parameters on the query. Tried a few other scenarios as well but couldn't see anything being added along the way.
        Show
        Demian Katz added a comment - Hmm, no, not with my fake Shib, anyway. I turned on ChoiceAuth with Database and Shib, performed a search, logged in to Shib, and found myself redirected back to my search results with no additional GET parameters on the query. Tried a few other scenarios as well but couldn't see anything being added along the way.
        Hide
        Demian Katz added a comment -
        Ahh, wait, I take it back! I see what's happening!

        1. We store followup URL
        2. We direct to Shibboleth with callback URL of MyResearch/Home?auth_method=Shibboleth
        3. MyResearch/Home retrieves followup URL and redirects there

        So the parameter does go through, but the user never sees it in their address bar.

        It's possible that there's some edge case where the followup URL does not get stored and then the user just gets landed on MyResearch/Home?auth_method=Shibboleth. That's presumably what the logout parameter stripping is designed to address.
        Show
        Demian Katz added a comment - Ahh, wait, I take it back! I see what's happening! 1. We store followup URL 2. We direct to Shibboleth with callback URL of MyResearch/Home?auth_method=Shibboleth 3. MyResearch/Home retrieves followup URL and redirects there So the parameter does go through, but the user never sees it in their address bar. It's possible that there's some edge case where the followup URL does not get stored and then the user just gets landed on MyResearch/Home?auth_method=Shibboleth. That's presumably what the logout parameter stripping is designed to address.
        Hide
        Anna Headley added a comment -
        I will see what I can figure out!
        Show
        Anna Headley added a comment - I will see what I can figure out!
        Hide
        Demian Katz added a comment -
        Okay, I've been able to reproduce the problem, so now I'm going to work on a more targeted solution. I don't think this will be too hard.
        Show
        Demian Katz added a comment - Okay, I've been able to reproduce the problem, so now I'm going to work on a more targeted solution. I don't think this will be too hard.
        Hide
        Demian Katz added a comment -
        Okay, I'm feeling pretty confident that this does the trick:

        https://github.com/vufind-org/vufind/commit/295bdaaab1a632ebb2ade983dbd83678bf8270bb
        Show
        Demian Katz added a comment - Okay, I'm feeling pretty confident that this does the trick: https://github.com/vufind-org/vufind/commit/295bdaaab1a632ebb2ade983dbd83678bf8270bb
        Hide
        Demian Katz added a comment -
        Please let me know if I've broken anything on your end!
        Show
        Demian Katz added a comment - Please let me know if I've broken anything on your end!

          People

          • Assignee:
            Demian Katz
            Reporter:
            Demian Katz
          • Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: