Unexpected logout behaviour when SLO is enabled #11

@mfprimo

After logout, plain Moodle redirects the user to either the login page or the site index
(from Moodle login/logout.php):

```php
if ($login) {
    $redirect = get_login_url();
} else {
    $redirect = $CFG->wwwroot.'/';
}
//....
redirect($redirect);
```

This auth/saml plugin, instead, redirects the user to the current page (from Moodle SAML Auth plugin index.php):

```php
if(isset($_SERVER['SCRIPT_URI'])) {
    $urltogo = $_SERVER['SCRIPT_URI'];
    $urltogo = str_replace('auth/saml/index.php', '', $urltogo);
}
else if(isset($_SERVER['HTTP_REFERER'])) {
    $urltogo = $_SERVER['HTTP_REFERER'];
}
else{
    $urltogo = '/';
}

if($saml_param->dosinglelogout) {
    $as->logout($urltogo);
    assert("FALSE"); // The previous line issues a redirect
} else {
    header('Location: '.$urltogo);
    exit();
}
```

As a result, Moodle presents a logout behaviour different from the usual user experience and, in case the current page is not accessible to anonymous users, even an unexpected error.

Proposed solution: use the global $redirect variable to retain the usual Moodle behaviour.
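
The difference between the two target-selection strategies quoted in this issue, as an added example that is not code from Moodle or from the auth/saml plugin. The function names are hypothetical, and `$wwwroot` and `$loginurl` are plain parameters standing in for `$CFG->wwwroot` and `get_login_url()` so the snippet runs without a Moodle installation; the request data is constructed.

```php
<?php
// Added example: compares the plugin's request-derived logout target with
// the fixed, server-side target that login/logout.php uses.

/** Target the plugin code quoted above picks from the request (hypothetical wrapper). */
function plugin_logout_target(array $server): string {
    if (isset($server['SCRIPT_URI'])) {
        return str_replace('auth/saml/index.php', '', $server['SCRIPT_URI']);
    }
    if (isset($server['HTTP_REFERER'])) {
        return $server['HTTP_REFERER']; // header supplied by the client
    }
    return '/';
}

/** Target chosen the way login/logout.php does: configured values only (hypothetical wrapper). */
function core_logout_target(bool $login, string $wwwroot, string $loginurl): string {
    return $login ? $loginurl : rtrim($wwwroot, '/') . '/';
}

/** True when $url stays on the site rooted at $wwwroot (hypothetical helper). */
function is_local_url(string $url, string $wwwroot): bool {
    $root = rtrim($wwwroot, '/') . '/';
    return $url === rtrim($wwwroot, '/') || strncmp($url, $root, strlen($root)) === 0;
}

// Constructed sample values: the user logs out while viewing a course page
// that an anonymous visitor cannot open.
$wwwroot  = 'https://moodle.example.test';
$loginurl = $wwwroot . '/login/index.php';
$server   = ['HTTP_REFERER' => $wwwroot . '/course/view.php?id=5'];

$old = plugin_logout_target($server);
$new = core_logout_target(false, $wwwroot, $loginurl);

// Either value would then be handed to $as->logout() when single logout is
// enabled, or to a Location header otherwise, as in the plugin code above.
foreach (['plugin' => $old, 'core-style' => $new] as $label => $target) {
    printf("%-10s -> %s (local: %s)\n", $label, $target,
        var_export(is_local_url($target, $wwwroot), true));
}
```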
