From c84eaa4d5f44524ea37f8c2444cbd53520d75a0c Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Thu, 26 Feb 2015 15:25:07 -0500
Subject: When a new logout session is received, save old session ids

When a new login session is received and an existing session
exists in logout, save the old session IDs.

These will be included in the sessions to logout of the SP.

This will ensure that if the user clears their cookie cache,
for example, that any previous sessions will also be logged
out.

https://fedorahosted.org/ipsilon/ticket/64

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
---
 ipsilon/providers/saml2/logout.py | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'ipsilon/providers/saml2/logout.py')

diff --git a/ipsilon/providers/saml2/logout.py b/ipsilon/providers/saml2/logout.py
index 46aea6e..da8edcf 100644
--- a/ipsilon/providers/saml2/logout.py
+++ b/ipsilon/providers/saml2/logout.py
@@ -225,6 +225,10 @@ class LogoutRequest(ProviderPageBase):
                 raise cherrypy.HTTPRedirect(400, 'Failed to log out user: %s '
                                             % e)
 
+            # Now set the full list of session indexes to log out
+            req = logout.get_request()
+            req.setSessionIndexes(tuple(set(session.session_indexes)))
+
             session.set_logoutstate(logout.msgUrl, logout.request.id, None)
             us.save_provider_data('saml2', saml_sessions)
 
-- 
cgit