[EP-tech] Re: Screen::Logout bug?
tdb2 at ecs.soton.ac.uk
Fri May 18 15:35:45 BST 2012
On Fri, 2012-05-18 at 09:27 +0100, Jon Hallett wrote:
> Thanks for following up, Tim.
> Okay, so we have two instances, called uweresearch
> (http://eprints.uwe.ac.uk) and uwedata
> (http://researchdata.uwe.ac.uk). Both share the same SSL certificate,
> So what I'm seeing is that the http logout URL is logging off the wrong
> instance. So, for example, if the uwedata logout URL is the
> http_cgiurl version, http://eprints.uwe.ac.uk/cgi/logout (note, not
> http://researchdata.uwe.ac.uk/cgi/logout for some odd reason), the
> user is logged out of uweresearch and left in the uweresearch pages.
> If I change Screen::Logout to use https_cgiurl, it works as I expect it
> to. The logout URL for uwedata becomes
> https://eprints.uwe.ac.uk/datasecure/cgi/logout and the user is logged
> out of the correct instance.
> Essentially it looks like the http_cgiroot in the logout script is
> either using the wrong host for CGI URLs or doesn't know which
> instance it is supposed to be logging out. 10_core.pl for uwedata
> looks fine, so I don't think it is anything that simple...
I understand. The problem is render_action_link() is assuming (wrongly)
that it is always relative to the http: path.
This should fix the issue:
(As-in relative-to-current URL, not fixed to http: or https:)
> -----Original Message-----
> Message: 1
> Date: Wed, 16 May 2012 12:17:20 +0100
> From: Tim Brody <tdb2 at ecs.soton.ac.uk>
> Subject: [EP-tech] Re: Screen::Logout bug?
> To: eprints-tech at ecs.soton.ac.uk
> Message-ID: <1337167040.2333.16.camel at chassis.ecs.soton.ac.uk>
> Content-Type: text/plain; charset="utf-8"
> On Wed, 2012-05-16 at 09:21 +0100, Jon Hallett wrote:
> > I think there is a problem in perl_lib/EPrints/Plugin/Screen/Logout.pm
> > for sites with multiple secure archives. The upshot is that
> > The background is that we have two secure instances,
> > http://eprints.uwe.ac.uk and http://researchdata.uwe.ac.uk. Unless the
> > change is made to render_action_link the logout link is
> > researchdata.uwe.ac.uk appears as http://eprints.uwe.ac.uk/cgi/logout,
> > which doesn?t work.
> Hi Jon,
> I'm not sure I understand the problem. The link should go to http: for
> the current repository, which will delete the login session for the user
> in the current repository?
> Where does https come into it?
> All the best,
> *** Options: http://mailman.ecs.soton.ac.uk/mailman/listinfo/eprints-tech
> *** Archive: http://www.eprints.org/tech.php/
> *** EPrints community wiki: http://wiki.eprints.org/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 490 bytes
Desc: This is a digitally signed message part
Url : http://mailman.ecs.soton.ac.uk/pipermail/eprints-tech/attachments/20120518/62abfab2/attachment.bin
More information about the Eprints-tech