Change session handling

Stop using memcache, use mod_auth_gssapi filesystem based ccaches.
Remove custom session handling, use mod_auth_gssapi and mod_session to
establish and keep a session cookie.
Add loopback to mod_auth_gssapi to do form absed auth and pass back a
valid session cookie.
And now that we do not remove ccaches files to move them to the
memcache, we can avoid the risk of pollutting the filesystem by keeping
a common ccache file for all instances of the same user.

https://fedorahosted.org/freeipa/ticket/5959

Signed-off-by: Simo Sorce <simo@redhat.com>

1 files changed, 5 insertions, 10 deletions

diff --git a/ipaserver/plugins/session.py b/ipaserver/plugins/session.py
index 0efb53c88..c700ab9ba 100644
--- a/ipaserver/plugins/session.py
+++ b/ipaserver/plugins/session.py
@@ -5,7 +5,7 @@
 from ipalib import Command
 from ipalib.request import context
 from ipalib.plugable import Registry
-from ipaserver.session import get_session_mgr
+from ipaserver.session import logout
 
 register = Registry()
 
@@ -18,15 +18,10 @@ class session_logout(Command):
     NO_CLI = True
 
     def execute(self, *args, **options):
-        session_data = getattr(context, 'session_data', None)
-        if session_data is None:
-            self.debug('session logout command: no session_data found')
-        else:
-            session_id = session_data.get('session_id')
-            self.debug('session logout command: session_id=%s', session_id)
+        ccache_name = getattr(context, 'ccache_name', None)
+        if ccache_name is None:
+            self.debug('session logout command: no ccache_name found')
 
-            # Notifiy registered listeners
-            session_mgr = get_session_mgr()
-            session_mgr.auth_mgr.logout(session_data)
+        logout(ccache_name)
 
         return dict(result=None)