[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[EP-tech] Re: Screen::Logout bug?



On Fri, 2012-05-18 at 09:27 +0100, Jon Hallett wrote:
> Thanks for following up, Tim.
> 
> Okay, so we have two instances, called uweresearch
>  (http://eprints.uwe.ac.uk) and uwedata
>  (http://researchdata.uwe.ac.uk). Both share the same SSL certificate,
>  eprints.uwe.ac.uk.
> 
> So what I'm seeing is that the http logout URL is logging off the wrong
>  instance. So, for example, if the uwedata logout URL is the
>  http_cgiurl version, http://eprints.uwe.ac.uk/cgi/logout (note, not
>  http://researchdata.uwe.ac.uk/cgi/logout for some odd reason), the
>  user is logged out of uweresearch and left in the uweresearch pages.
> 
> If I change Screen::Logout to use https_cgiurl, it works as I expect it
>  to. The logout URL for uwedata becomes
>  https://eprints.uwe.ac.uk/datasecure/cgi/logout and the user is logged
>  out of the correct instance.
> 
> Essentially it looks like the http_cgiroot in the logout script is
>  either using the wrong host for CGI URLs or doesn't know which
>  instance it is supposed to be logging out. 10_core.pl for uwedata
>  looks fine, so I don't think it is anything that simple...

I understand. The problem is render_action_link() is assuming (wrongly)
that it is always relative to the http: path.

This should fix the issue:
http://trac.eprints.org/eprints/changeset/7743

(As-in relative-to-current URL, not fixed to http: or https:)

/Tim.


> -----Original Message-----
> 
> Message: 1
> Date: Wed, 16 May 2012 12:17:20 +0100
> From: Tim Brody <tdb2 at ecs.soton.ac.uk>
> Subject: [EP-tech] Re: Screen::Logout bug?
> To: eprints-tech at ecs.soton.ac.uk
> Message-ID: <1337167040.2333.16.camel at chassis.ecs.soton.ac.uk>
> Content-Type: text/plain; charset="utf-8"
> 
> On Wed, 2012-05-16 at 09:21 +0100, Jon Hallett wrote:
> > I think there is a problem in perl_lib/EPrints/Plugin/Screen/Logout.pm
> > for sites with multiple secure archives. The upshot is that
> >
> >
> [snip]
> >
> > The background is that we have two secure instances,
> > http://eprints.uwe.ac.uk and http://researchdata.uwe.ac.uk. Unless the
> > change is made to render_action_link the logout link is
> > researchdata.uwe.ac.uk appears as http://eprints.uwe.ac.uk/cgi/logout,
> > which doesn?t work.
> 
> Hi Jon,
> 
> I'm not sure I understand the problem. The link should go to http: for
> the current repository, which will delete the login session for the user
> in the current repository?
> 
> Where does https come into it?
> 
> --
> All the best,
> Tim
> 
> 
> 
> *** Options: http://mailman.ecs.soton.ac.uk/mailman/listinfo/eprints-tech
> *** Archive: http://www.eprints.org/tech.php/
> *** EPrints community wiki: http://wiki.eprints.org/

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 490 bytes
Desc: This is a digitally signed message part
Url : http://mailman.ecs.soton.ac.uk/pipermail/eprints-tech/attachments/20120518/62abfab2/attachment.bin