From 8b88ef00331f1fbb28802b3eba5ced62daeffc9e Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Fri, 19 Aug 2016 09:23:55 -0400 Subject: Change session handling Stop using memcache, use mod_auth_gssapi filesystem based ccaches. Remove custom session handling, use mod_auth_gssapi and mod_session to establish and keep a session cookie. Add loopback to mod_auth_gssapi to do form absed auth and pass back a valid session cookie. And now that we do not remove ccaches files to move them to the memcache, we can avoid the risk of pollutting the filesystem by keeping a common ccache file for all instances of the same user. https://fedorahosted.org/freeipa/ticket/5959 Signed-off-by: Simo Sorce --- ipaserver/plugins/session.py | 15 +++++---------- 1 file changed, 5 insertions(+), 10 deletions(-) (limited to 'ipaserver/plugins') diff --git a/ipaserver/plugins/session.py b/ipaserver/plugins/session.py index 0efb53c88..c700ab9ba 100644 --- a/ipaserver/plugins/session.py +++ b/ipaserver/plugins/session.py @@ -5,7 +5,7 @@ from ipalib import Command from ipalib.request import context from ipalib.plugable import Registry -from ipaserver.session import get_session_mgr +from ipaserver.session import logout register = Registry() @@ -18,15 +18,10 @@ class session_logout(Command): NO_CLI = True def execute(self, *args, **options): - session_data = getattr(context, 'session_data', None) - if session_data is None: - self.debug('session logout command: no session_data found') - else: - session_id = session_data.get('session_id') - self.debug('session logout command: session_id=%s', session_id) + ccache_name = getattr(context, 'ccache_name', None) + if ccache_name is None: + self.debug('session logout command: no ccache_name found') - # Notifiy registered listeners - session_mgr = get_session_mgr() - session_mgr.auth_mgr.logout(session_data) + logout(ccache_name) return dict(result=None) -- cgit