From 908d2eaba46f5f123b49af400a8b696545c62b54 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Mon, 20 Feb 2017 12:38:11 -0500 Subject: Fix session logout There were 2 issues with session logouts, one is that the logout_cookie was checked and acted on in the wrong place, the other is that the wrong value was set in the IPASESSION header. Fixes https://fedorahosted.org/freeipa/ticket/6685 Signed-off-by: Simo Sorce Reviewed-By: Stanislav Laznicka --- ipaserver/plugins/session.py | 2 +- ipaserver/rpcserver.py | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/ipaserver/plugins/session.py b/ipaserver/plugins/session.py index 8e480ed7d..a049cd946 100644 --- a/ipaserver/plugins/session.py +++ b/ipaserver/plugins/session.py @@ -23,6 +23,6 @@ class session_logout(Command): else: delattr(context, 'ccache_name') - setattr(context, 'logout_cookie', '') + setattr(context, 'logout_cookie', 'MagBearerToken=') return dict(result=None) diff --git a/ipaserver/rpcserver.py b/ipaserver/rpcserver.py index f5c520f28..25f2740ea 100644 --- a/ipaserver/rpcserver.py +++ b/ipaserver/rpcserver.py @@ -434,6 +434,10 @@ class WSGIExecutioner(Executioner): response = status.encode('utf-8') headers = [('Content-Type', 'text/plain; charset=utf-8')] + logout_cookie = getattr(context, 'logout_cookie', None) + if logout_cookie is not None: + headers.append(('IPASESSION', logout_cookie)) + start_response(status, headers) return [response] @@ -639,10 +643,6 @@ class KerberosWSGIExecutioner(WSGIExecutioner, KerberosSession): return self.marshal(None, CCacheError()) - logout_cookie = getattr(context, 'logout_cookie', None) - if logout_cookie: - self.headers.append(('IPASESSION', logout_cookie)) - try: self.create_context(ccache=user_ccache) response = super(KerberosWSGIExecutioner, self).__call__( -- cgit