[VUFIND-1020] Logging out strips GET parameters Created: 20/Aug/14 Updated: 20/Aug/14 Resolved: 20/Aug/14 |
|
Status: | Resolved |
Project: | VuFind® |
Components: | User Interface |
Affects versions: | 2.3 |
Fix versions: | 2.3.1 |
Type: | Bug | Priority: | Minor |
Reporter: | Demian Katz | Assignee: | Demian Katz |
Resolution: | Fixed | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original estimate: | Not Specified |
Description |
If you log out while on a page whose URL contains GET parameters, those parameters will be stripped off after logging out. For example: 1.) Do a search for “test” 2.) Log in 3.) Log out 4.) You’re now on the results page for a blank search This is not desirable behavior -- we should retain parameters. |
Comments |
Comment by Anna Headley [ 20/Aug/14 ] |
Demian, I think you're right this must have been about stripping the login method parameters, which I am guessing were causing the user to just be logged in again immediately, thereby making logout have no effect. |
Comment by Demian Katz [ 20/Aug/14 ] |
Can you think of an easy way to test that theory off the top of your head? (If not, I'll play around myself... I assume there's probably something I can do with Shibboleth, but not sure if I'll see the same behavior with my fake Shib as you would with the real thing). |
Comment by Anna Headley [ 20/Aug/14 ] |
I think logging in via shib (you should see the parameters in your url bar) and then immediately logging out again would do it. |
Comment by Demian Katz [ 20/Aug/14 ] |
Hmm, no, not with my fake Shib, anyway. I turned on ChoiceAuth with Database and Shib, performed a search, logged in to Shib, and found myself redirected back to my search results with no additional GET parameters on the query. Tried a few other scenarios as well but couldn't see anything being added along the way. |
Comment by Demian Katz [ 20/Aug/14 ] |
Ahh, wait, I take it back! I see what's happening! 1. We store followup URL 2. We direct to Shibboleth with callback URL of MyResearch/Home?auth_method=Shibboleth 3. MyResearch/Home retrieves followup URL and redirects there So the parameter does go through, but the user never sees it in their address bar. It's possible that there's some edge case where the followup URL does not get stored and then the user just gets landed on MyResearch/Home?auth_method=Shibboleth. That's presumably what the logout parameter stripping is designed to address. |
Comment by Anna Headley [ 20/Aug/14 ] |
I will see what I can figure out! |
Comment by Demian Katz [ 20/Aug/14 ] |
Okay, I've been able to reproduce the problem, so now I'm going to work on a more targeted solution. I don't think this will be too hard. |
Comment by Demian Katz [ 20/Aug/14 ] |
Okay, I'm feeling pretty confident that this does the trick: https://github.com/vufind-org/vufind/commit/295bdaaab1a632ebb2ade983dbd83678bf8270bb |
Comment by Demian Katz [ 20/Aug/14 ] |
Please let me know if I've broken anything on your end! |