[ https://issues.apache.org/jira/browse/OFBIZ-4959?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jacques Le Roux closed OFBIZ-4959. ---------------------------------- Resolution: Fixed Fix Version/s: 16.11.05 17.12.01 Fixed in trunk r1824803 R17.12 r1824804 R16.11 r1824805 > Logout do not remove autoLogin > ------------------------------ > > Key: OFBIZ-4959 > URL: https://issues.apache.org/jira/browse/OFBIZ-4959 > Project: OFBiz > Issue Type: Bug > Components: ALL COMPONENTS > Affects Versions: Release 09.04, Release 10.04 > Environment: Windows 2003 Server. Apache Ofbiz 2004 and Ofbiz 10 > Reporter: Roberto BenÃtez Monje > Assignee: Jacques Le Roux > Priority: Major > Labels: logout, security > Fix For: 17.12.01, 16.11.05 > > Attachments: OFBIZ-4959.patch, OFBIZ-4959.patch > > Original Estimate: 70,056h > Remaining Estimate: 70,056h > > Logout method do not disable autoLogin functionality. Instead of that it just > initializes autoLogin in session and request. > It have to be replace autoLoginCheck for autoLoginRemove inside of logout > method. > {code:title=LoginEvents/LoginWorker.java|borderStyle=solid} > public static String logout(HttpServletRequest request, HttpServletResponse > response) { > // invalidate the security group list cache > GenericValue userLogin = (GenericValue) > request.getSession().getAttribute("userLogin"); > String returnValue = "success"; > if (request.getAttribute("_AUTO_LOGIN_LOGOUT_") == null) { > try { > returnValue = autoLoginRemove(request, response); > } catch (IOException e) { > Debug.logWarning(e, "", module); > } > } > // log out from all other sessions too; do this here so that it is only > done when a user explicitly logs out > logoutFromAllSessions(userLogin); > doBasicLogout(userLogin, request); > return returnValue; > } > {code} -- This message was sent by Atlassian JIRA (v7.6.3#76005)