[VUFIND-1020] Logging out strips GET parameters Created: 20/Aug/14  Updated: 20/Aug/14  Resolved: 20/Aug/14

Status: Resolved
Project: VuFind®
Components: User Interface
Affects versions: 2.3
Fix versions: 2.3.1

Type: Bug Priority: Minor
Reporter: Demian Katz Assignee: Demian Katz
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original estimate: Not Specified


 Description   
If you log out while on a page whose URL contains GET parameters, those parameters will be stripped off after logging out. For example:

1.) Do a search for “test”
2.) Log in
3.) Log out
4.) You’re now on the results page for a blank search

This is not desirable behavior -- we should retain parameters.

 Comments   
Comment by Anna Headley [ 20/Aug/14 ]
Demian, I think you're right this must have been about stripping the login method parameters, which I am guessing were causing the user to just be logged in again immediately, thereby making logout have no effect.
Comment by Demian Katz [ 20/Aug/14 ]
Can you think of an easy way to test that theory off the top of your head? (If not, I'll play around myself... I assume there's probably something I can do with Shibboleth, but not sure if I'll see the same behavior with my fake Shib as you would with the real thing).
Comment by Anna Headley [ 20/Aug/14 ]
I think logging in via shib (you should see the parameters in your url bar) and then immediately logging out again would do it.
Comment by Demian Katz [ 20/Aug/14 ]
Hmm, no, not with my fake Shib, anyway. I turned on ChoiceAuth with Database and Shib, performed a search, logged in to Shib, and found myself redirected back to my search results with no additional GET parameters on the query. Tried a few other scenarios as well but couldn't see anything being added along the way.
Comment by Demian Katz [ 20/Aug/14 ]
Ahh, wait, I take it back! I see what's happening!

1. We store followup URL
2. We direct to Shibboleth with callback URL of MyResearch/Home?auth_method=Shibboleth
3. MyResearch/Home retrieves followup URL and redirects there

So the parameter does go through, but the user never sees it in their address bar.

It's possible that there's some edge case where the followup URL does not get stored and then the user just gets landed on MyResearch/Home?auth_method=Shibboleth. That's presumably what the logout parameter stripping is designed to address.
Comment by Anna Headley [ 20/Aug/14 ]
I will see what I can figure out!
Comment by Demian Katz [ 20/Aug/14 ]
Okay, I've been able to reproduce the problem, so now I'm going to work on a more targeted solution. I don't think this will be too hard.
Comment by Demian Katz [ 20/Aug/14 ]
Okay, I'm feeling pretty confident that this does the trick:

https://github.com/vufind-org/vufind/commit/295bdaaab1a632ebb2ade983dbd83678bf8270bb
Comment by Demian Katz [ 20/Aug/14 ]
Please let me know if I've broken anything on your end!
Generated at Fri Mar 29 12:00:50 UTC 2024 using Jira 1001.0.0-SNAPSHOT#100248-rev:6a03a54452e975225e04dfda06fdac6fd9e95b00.