When a new logout session is received, save old session idslogout_session

When a new login session is received and an existing session
exists in logout, save the old session IDs.

These will be included in the sessions to logout of the SP.

This will ensure that if the user clears their cookie cache,
for example, that any previous sessions will also be logged
out.

https://fedorahosted.org/ipsilon/ticket/64

Signed-off-by: Rob Crittenden <rcritten@redhat.com>

1 files changed, 4 insertions, 0 deletions

diff --git a/ipsilon/providers/saml2/logout.py b/ipsilon/providers/saml2/logout.py
index 46aea6e..da8edcf 100644
--- a/ipsilon/providers/saml2/logout.py
+++ b/ipsilon/providers/saml2/logout.py
@@ -225,6 +225,10 @@ class LogoutRequest(ProviderPageBase):
                 raise cherrypy.HTTPRedirect(400, 'Failed to log out user: %s '
                                             % e)
 
+            # Now set the full list of session indexes to log out
+            req = logout.get_request()
+            req.setSessionIndexes(tuple(set(session.session_indexes)))
+
             session.set_logoutstate(logout.msgUrl, logout.request.id, None)
             us.save_provider_data('saml2', saml_sessions)