github/wonderwall
1
0
Fork 0
mirror of https://github.com/nais/wonderwall.git synced 2026-05-09 01:47:03 +00:00
Code Issues Packages Projects Releases Wiki Activity

use correct session ID for front-channel logout

Browse Source
This commit is contained in:
Trong Huu Nguyen
2021-08-26 10:35:45 +02:00
parent 723f25326c
commit da4f6dc6a7
1 changed files with 5 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
pkg/router/router.go
View File

@@ -246,6 +246,7 @@ func (h *Handler) Callback(w http.ResponseWriter, r *http.Request) {
return
}
// TODO: should probably redirect to desired path after login
http.Redirect(w, r, "/", http.StatusTemporaryRedirect)
}
@@ -345,7 +346,9 @@ func (h *Handler) FrontChannelLogout(w http.ResponseWriter, r *http.Request) {
return
}
sess, err := h.Sessions.Read(r.Context(), h.localSessionID(sid))
sessionID := h.localSessionID(sid)
sess, err := h.Sessions.Read(r.Context(), sessionID)
if err != nil {
// Can't remove session because it doesn't exist. Maybe it was garbage collected.
// We regard this as a redundant logout and return 200 OK.
@@ -367,7 +370,7 @@ func (h *Handler) FrontChannelLogout(w http.ResponseWriter, r *http.Request) {
}
// All verified; delete session.
err = h.Sessions.Delete(r.Context(), sid)
err = h.Sessions.Delete(r.Context(), sessionID)
if err != nil {
log.Error(err)
w.WriteHeader(http.StatusInternalServerError)