fix: revert frontChannelLogout impl.

2026-05-08 09:27:12 +00:00 · 2022-01-25 11:36:41 +01:00
parent 768aa7af49
commit 413b8dfc19
1 changed files with 7 additions and 18 deletions
--- a/pkg/router/handler_frontchannellogout.go
+++ b/pkg/router/handler_frontchannellogout.go
@@ -1,26 +1,27 @@
 package router

 import (
-	log "github.com/sirupsen/logrus"
 	"net/http"
+
+	log "github.com/sirupsen/logrus"
 )

 // FrontChannelLogout triggers logout triggered by a third-party.
 func (h *Handler) FrontChannelLogout(w http.ResponseWriter, r *http.Request) {
-	sessionParamKeys := []string{"sid", "session_state"}
-	externalSessionID := extractExternalSessionID(r, sessionParamKeys)
+	params := r.URL.Query()
+	sid := params.Get("sid")

 	// Unconditionally destroy all local references to the session.
 	h.deleteCookie(w, SessionCookieName, h.Cookies)

-	if len(externalSessionID) == 0 {
-		log.Infof("any of parameters %q not set in request; ignoring", sessionParamKeys)
+	if len(sid) == 0 {
+		log.Info("sid parameter not set in request; ignoring")
 		h.DeleteSessionFallback(w, r)
 		w.WriteHeader(http.StatusOK)
 		return
 	}

-	sessionID := h.localSessionID(externalSessionID)
+	sessionID := h.localSessionID(sid)

 	err := h.destroySession(w, r, sessionID)
 	if err != nil {
@@ -30,15 +31,3 @@ func (h *Handler) FrontChannelLogout(w http.ResponseWriter, r *http.Request) {

 	w.WriteHeader(http.StatusOK)
 }
-
-func extractExternalSessionID(r *http.Request, paramKeys []string) string {
-	params := r.URL.Query()
-	var sessionId = ""
-	for _, k := range paramKeys {
-		sessionId = params.Get(k)
-		if len(sessionId) != 0 {
-			return sessionId
-		}
-	}
-	return sessionId
-}