From 908d2eaba46f5f123b49af400a8b696545c62b54 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Feb 22 2017 09:15:50 +0000 Subject: Fix session logout There were 2 issues with session logouts, one is that the logout_cookie was checked and acted on in the wrong place, the other is that the wrong value was set in the IPASESSION header. Fixes https://fedorahosted.org/freeipa/ticket/6685 Signed-off-by: Simo Sorce Reviewed-By: Stanislav Laznicka --- diff --git a/ipaserver/plugins/session.py b/ipaserver/plugins/session.py index 8e480ed..a049cd9 100644 --- a/ipaserver/plugins/session.py +++ b/ipaserver/plugins/session.py @@ -23,6 +23,6 @@ class session_logout(Command): else: delattr(context, 'ccache_name') - setattr(context, 'logout_cookie', '') + setattr(context, 'logout_cookie', 'MagBearerToken=') return dict(result=None) diff --git a/ipaserver/rpcserver.py b/ipaserver/rpcserver.py index f5c520f..25f2740 100644 --- a/ipaserver/rpcserver.py +++ b/ipaserver/rpcserver.py @@ -434,6 +434,10 @@ class WSGIExecutioner(Executioner): response = status.encode('utf-8') headers = [('Content-Type', 'text/plain; charset=utf-8')] + logout_cookie = getattr(context, 'logout_cookie', None) + if logout_cookie is not None: + headers.append(('IPASESSION', logout_cookie)) + start_response(status, headers) return [response] @@ -639,10 +643,6 @@ class KerberosWSGIExecutioner(WSGIExecutioner, KerberosSession): return self.marshal(None, CCacheError()) - logout_cookie = getattr(context, 'logout_cookie', None) - if logout_cookie: - self.headers.append(('IPASESSION', logout_cookie)) - try: self.create_context(ccache=user_ccache) response = super(KerberosWSGIExecutioner, self).__call__(