Fix session logout

There were 2 issues with session logouts, one is that the logout_cookie
was checked and acted on in the wrong place, the other is that the wrong
value was set in the IPASESSION header.

Fixes https://fedorahosted.org/freeipa/ticket/6685

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>

2 files changed, 5 insertions, 5 deletions

diff --git a/ipaserver/plugins/session.py b/ipaserver/plugins/session.py
index 8e480ed7d..a049cd946 100644
--- a/ipaserver/plugins/session.py
+++ b/ipaserver/plugins/session.py
@@ -23,6 +23,6 @@ class session_logout(Command):
         else:
             delattr(context, 'ccache_name')
 
-        setattr(context, 'logout_cookie', '')
+        setattr(context, 'logout_cookie', 'MagBearerToken=')
 
         return dict(result=None)
diff --git a/ipaserver/rpcserver.py b/ipaserver/rpcserver.py
index f5c520f28..25f2740ea 100644
--- a/ipaserver/rpcserver.py
+++ b/ipaserver/rpcserver.py
@@ -434,6 +434,10 @@ class WSGIExecutioner(Executioner):
             response = status.encode('utf-8')
             headers = [('Content-Type', 'text/plain; charset=utf-8')]
 
+        logout_cookie = getattr(context, 'logout_cookie', None)
+        if logout_cookie is not None:
+            headers.append(('IPASESSION', logout_cookie))
+
         start_response(status, headers)
         return [response]
 
@@ -639,10 +643,6 @@ class KerberosWSGIExecutioner(WSGIExecutioner, KerberosSession):
 
             return self.marshal(None, CCacheError())
 
-        logout_cookie = getattr(context, 'logout_cookie', None)
-        if logout_cookie:
-            self.headers.append(('IPASESSION', logout_cookie))
-
         try:
             self.create_context(ccache=user_ccache)
             response = super(KerberosWSGIExecutioner, self).__call__(