EPrints Technical Mailing List Archive

Message: #00576



[EP-tech] Re: Screen::Logout bug?


Thanks for following up, Tim.

Okay, so we have two instances, called uweresearch (http://eprints.uwe.ac.uk) and uwedata (http://researchdata.uwe.ac.uk). Both share the same SSL certificate, eprints.uwe.ac.uk.

So what I'm seeing is that the http logout URL is logging off the wrong instance. So, for example, if the uwedata logout URL is the http_cgiurl version, http://eprints.uwe.ac.uk/cgi/logout (note, not http://researchdata.uwe.ac.uk/cgi/logout for some odd reason), the user is logged out of uweresearch and left in the uweresearch pages.

If I change Screen::Logout to use https_cgiurl, it works as I expect it to. The logout URL for uwedata becomes https://eprints.uwe.ac.uk/datasecure/cgi/logout and the user is logged out of the correct instance.

Essentially it looks like the http_cgiroot in the logout script is either using the wrong host for CGI URLs or doesn't know which instance it is supposed to be logging out. 10_core.pl for uwedata looks fine, so I don't think it is anything that simple...

Thanks,

Jon

-----Original Message-----

Message: 1
Date: Wed, 16 May 2012 12:17:20 +0100
From: Tim Brody <tdb2@ecs.soton.ac.uk>
Subject: [EP-tech] Re: Screen::Logout bug?
To: eprints-tech@ecs.soton.ac.uk
Message-ID: <1337167040.2333.16.camel@chassis.ecs.soton.ac.uk>
Content-Type: text/plain; charset="utf-8"

On Wed, 2012-05-16 at 09:21 +0100, Jon Hallett wrote:
> I think there is a problem in perl_lib/EPrints/Plugin/Screen/Logout.pm
> for sites with multiple secure archives. The upshot is that
>
>
[snip]
>
> The background is that we have two secure instances,
> http://eprints.uwe.ac.uk and http://researchdata.uwe.ac.uk. Unless the
> change is made to render_action_link the logout link is
> researchdata.uwe.ac.uk appears as http://eprints.uwe.ac.uk/cgi/logout,
> which doesn't work.

Hi Jon,

I'm not sure I understand the problem. The link should go to http: for
the current repository, which will delete the login session for the user
in the current repository?

Where does https come into it?

--
All the best,
Tim