SenseTecnic / ckanext-wotkit

Extensions to the CKAN open data portal for WoTKit integration

Clear the cookie "JSESSIONID" when logging out #6

Closed danielrozenberg closed 11 years ago

danielrozenberg commented 11 years ago

To integrate with the Spring part of wotkit we would need to clear the JSESSIONID cookie on logout (the name of the cookie is in ALL-CAPS)

mblackstock commented 11 years ago

It may be better to call a 'logout' API call, to let WoTKit clean itself up.

mduppes commented 11 years ago

After looking around, it seems like it's not possible to access the JSESSIONID cookie from the ckan side since the path is set to /wotkit. Unless this could be changed to /, ckan won't be able to delete it, so it may be easier to have a wotkit api call to logout.

For the ckan side logout, we would need to redirect the user to the /data/user/_logout page or similar to explicitly delete the user cookie, because the auth_tkt cookie isn't stored on the server, so as long as the user has the cookie until the given expiry time they will be able to log in.

mblackstock commented 11 years ago

Hmm. I thought an API call would do it too, but each component of wotkit has its own session cookie path: /wotkit and /processor.

The /api app doesn't have access to either! We may just need to make the tomcat sessions shorter (1 hour?) and delete the rememberme cookie (accessible from all apps) so we don't auto-log in to wotkit components. This should be OK for now I think.

On Thu, Jun 6, 2013 at 10:05 AM, mduppes notifications@github.com wrote:

> After looking around, it seems like it's not possible to access the JSESSIONID cookie from the ckan side since the path is set to /wotkit. Unless this could be changed to /, ckan won't be able to delete it, so it may be easier to have a wotkit api call to logout.
>
> For the ckan side logout, we would need to redirect the user to the /data/user/_logout page or similar to explicitly delete the user cookie, because the auth_tkt cookie isn't stored on the server, so as long as the user has the cookie until the given expiry time they will be able to log in.


danielrozenberg commented 11 years ago

Another solution would be to change the wotkit login URL from <ckan>/user/_logout to <wotkit>/logout/ckan, a controller that we would write that will log the user out and then redirect the user to <ckan>/user/_logout to finish the logout process

mblackstock commented 11 years ago

Yes, that would work I think. Hit a wotkit URL to clean up its session. Doesn't clean up the processor, but that one we can leave to expire for now, or redirect twice?

On Thu, Jun 6, 2013 at 12:47 PM, daniel Rozenberg notifications@github.com wrote:

> Another solution would be to change the wotkit login URL from <ckan>/user/_logout to <wotkit>/logout/ckan, a controller that we would write that will log the user out and then redirect the user to <ckan>/user/_logout to finish the logout process

mduppes commented 11 years ago

I think the multiple redirects may be more complicated but will be the most maintainable since each component handles its own logouts, so any logout from any app redirects to wotkit/logout, and then wotkit logout redirects to ckan/logout. If we are going for the simplest approach it may be to simply delete all ckan cookies which are on the root path / from wotkit/logout, and have all logouts point to wotkit/logout which handles everything.

On Thu, Jun 6, 2013 at 12:57 PM, Mike Blackstock notifications@github.com wrote:

> Yes, that would work I think. Hit a wotkit URL to clean up its session. Doesn't clean up the processor, but that one we can leave to expire for now, or redirect twice?


mblackstock commented 11 years ago

OK - Daniel, can you give that a go?

On Thu, Jun 6, 2013 at 1:07 PM, mduppes notifications@github.com wrote:

> I think the multiple redirects may be more complicated but will be the most maintainable since each component handles its own logouts, so any logout from any app redirects to wotkit/logout, and then wotkit logout redirects to ckan/logout. If we are going for the simplest approach it may be to simply delete all ckan cookies which are on the root path / from wotkit/logout, and have all logouts point to wotkit/logout which handles everything.


danielrozenberg commented 11 years ago

Sure. Just remember that it won't solve the issue where the processor remains logged in
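
The cookie scoping discussed in this thread, as an added example that is not part of the original issue or the project's code: a small model of browser cookie-path matching showing which cookies each logout handler is sent, and what is left in the browser after a CKAN-only logout versus the chained wotkit-then-ckan logout. The `/wotkit/logout/ckan` URL, the cookie values and the single-host layout are assumptions.

```python
# Added illustration, not project code. Cookie values and the
# /wotkit/logout/ckan URL are assumptions; one host serves every app.

def path_match(request_path, cookie_path):
    """RFC 6265 section 5.1.4: is the cookie sent with this request path?"""
    if request_path == cookie_path:
        return True
    if request_path.startswith(cookie_path):
        return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"
    return False

class Jar:
    def __init__(self):
        self.cookies = {}  # (name, path) -> value

    def set(self, name, value, path):
        self.cookies[(name, path)] = value

    def expire(self, name, path):
        # An expiring Set-Cookie only replaces the entry with the same name AND path.
        self.cookies.pop((name, path), None)

    def sent_to(self, request_path):
        return sorted(k for k in self.cookies if path_match(request_path, k[1]))

def logged_in_jar():
    jar = Jar()
    jar.set("JSESSIONID", "constructed-w", "/wotkit")
    jar.set("JSESSIONID", "constructed-p", "/processor")
    jar.set("auth_tkt", "constructed-t", "/")
    return jar

# handler URL -> (cookie names it owns, next redirect)
HANDLERS = {
    "/wotkit/logout/ckan": ({"JSESSIONID"}, "/data/user/_logout"),
    "/data/user/_logout": ({"auth_tkt"}, None),
}

def run_logout(jar, url):
    """Follow the redirect chain; each handler expires owned cookies it was sent."""
    while url:
        owned, next_url = HANDLERS[url]
        for name, path in jar.sent_to(url):
            if name in owned:
                jar.expire(name, path)
        url = next_url
    return sorted(jar.cookies)

if __name__ == "__main__":
    print(run_logout(logged_in_jar(), "/data/user/_logout"))   # CKAN-only logout
    print(run_logout(logged_in_jar(), "/wotkit/logout/ckan"))  # chained logout
```

In the model, the chained logout leaves only the `/processor` session cookie, while a CKAN-only logout leaves both JSESSIONID cookies in place.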

danielrozenberg commented 11 years ago

(moved to: https://github.com/SenseTecnic/wot-kit/issues/251)