Redirect after logout does not work with form authentication
------------------------------------------------------------
Key: SLING-1847
URL: https://issues.apache.org/jira/browse/SLING-1847
Project: Sling
Issue Type: Bug
Components: Authentication
Affects Versions: Auth Core 1.0.2, Form Based Authentication 1.0.0
Reporter: Eric Norman
The redirectAfterLogout method of
org.apache.sling.auth.core.impl.SlingAuthenticator is looking for a request
attribute or parameter named "resource" to decide where to redirect after
logout.
But, if there is a request parameter named "resource" on the request, the
request never makes it to the LogoutServlet because the authenticationSucceeded
method of the FormAuthenticationHandler is also looking for a request parameter
with the same name and immediately redirecting to the specified resource which
terminates the rest of the request processing. The user is never logged out
before redirecting to the resource.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
