[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[EP-tech] Re: Screen::Logout bug?



Great, thanks Tim. The fix from http://trac.eprints.org/eprints/changeset/7743 does the job.

Jon


-----Original Message-----

Date: Fri, 18 May 2012 15:35:45 +0100
From: Tim Brody <tdb2 at ecs.soton.ac.uk>
Subject: [EP-tech] Re: Screen::Logout bug?
To: eprints-tech at ecs.soton.ac.uk
Message-ID: <1337351745.2325.52.camel at chassis.ecs.soton.ac.uk>
Content-Type: text/plain; charset="utf-8"

On Fri, 2012-05-18 at 09:27 +0100, Jon Hallett wrote:
> Thanks for following up, Tim.
> 
> Okay, so we have two instances, called uweresearch
>  (http://eprints.uwe.ac.uk) and uwedata
>  (http://researchdata.uwe.ac.uk). Both share the same SSL certificate,
>  eprints.uwe.ac.uk.
> 
> So what I'm seeing is that the http logout URL is logging off the wrong
>  instance. So, for example, if the uwedata logout URL is the
>  http_cgiurl version, http://eprints.uwe.ac.uk/cgi/logout (note, not
>  http://researchdata.uwe.ac.uk/cgi/logout for some odd reason), the
>  user is logged out of uweresearch and left in the uweresearch pages.
> 
> If I change Screen::Logout to use https_cgiurl, it works as I expect it
>  to. The logout URL for uwedata becomes
>  https://eprints.uwe.ac.uk/datasecure/cgi/logout and the user is logged
>  out of the correct instance.
> 
> Essentially it looks like the http_cgiroot in the logout script is
>  either using the wrong host for CGI URLs or doesn't know which
>  instance it is supposed to be logging out. 10_core.pl for uwedata
>  looks fine, so I don't think it is anything that simple...

I understand. The problem is render_action_link() is assuming (wrongly)
that it is always relative to the http: path.

This should fix the issue:
http://trac.eprints.org/eprints/changeset/7743

(As-in relative-to-current URL, not fixed to http: or https:)

/Tim.


> -----Original Message-----
> 
> Message: 1
> Date: Wed, 16 May 2012 12:17:20 +0100
> From: Tim Brody <tdb2 at ecs.soton.ac.uk>
> Subject: [EP-tech] Re: Screen::Logout bug?
> To: eprints-tech at ecs.soton.ac.uk
> Message-ID: <1337167040.2333.16.camel at chassis.ecs.soton.ac.uk>
> Content-Type: text/plain; charset="utf-8"
> 
> On Wed, 2012-05-16 at 09:21 +0100, Jon Hallett wrote:
> > I think there is a problem in perl_lib/EPrints/Plugin/Screen/Logout.pm
> > for sites with multiple secure archives. The upshot is that
> >
> >
> [snip]
> >
> > The background is that we have two secure instances,
> > http://eprints.uwe.ac.uk and http://researchdata.uwe.ac.uk. Unless the
> > change is made to render_action_link the logout link is
> > researchdata.uwe.ac.uk appears as http://eprints.uwe.ac.uk/cgi/logout,
> > which doesn?t work.
> 
> Hi Jon,
> 
> I'm not sure I understand the problem. The link should go to http: for
> the current repository, which will delete the login session for the user
> in the current repository?
> 
> Where does https come into it?
> 
> --
> All the best,
> Tim
>