Logging out of Moodle or Drupal does not log out the other one.

[Cheesenbizkitz]

Using the 2.x-2.x-fix_url_redirect branch, I'm having an issue where logging out of Moodle will not log out the user on the Drupal site, this results in Moodle doing what it does by default, logging out the user and sending them to the home page of Moodle, but because they are still logged in on Drupal it logs them back in to Moodle, so the user gets stuck in a loop where they hit logout, the page refreshes a couple of times and then they are still logged in.

Also logging out of Drupal doesn't log out the user on Moodle, so this means that if I'm using the Drupal site as the main log in and log out portal, if there are multiple users on one computer, one user will log out on Drupal, but wouldn't get logged out in Moodle, then the next user would log in to Drupal, go to Moodle, but still be logged in as the previous user in Moodle.

I was going to just put in my own workarounds around this, but if the plugin can do it more elegantly, that'd be great.

I was going to edit the section of code in Moodle's /login/logout.php file line 35-40:

// can be overridden by auth plugins
if ($login) {
    $redirect = get_login_url();
} else {
    $redirect = $CFG->wwwroot.'/';
}

To something like this so that it would go straight to the Drupal logout once the user is logged out in Moodle:

// can be overridden by auth plugins
if ($login) {
    $redirect = get_login_url();
} else {
    $redirect = 'http://dev.example.com/user/logout';
}

But by the looks of the comment there, the auth plugin should be able to do this without me needing to hardcode it in.

[Cheesenbizkitz]

I actually did try that workaround, but it seems to only work every second time when clicking log out, just like the log in button only works properly and redirects to Drupal every second time...

[Cheesenbizkitz]

I implemented a really dirty workaround for the issue of log-in on Moodle only redirecting to Drupal 50% of the time:

Adding:

header("Refresh:0");

to the top of Moodle's /login/index.php file, so that once you get there, it refreshes the page once, which seems to fire the Drupal login correctly if you end up getting to the Moodle login page.

After doing that and purging all caches, logging out seems to also work fine in the Moodle-Drupal direction, that is with my workaround from the first comment still implemented.

[netw3rker]

I think Moodle can probably just expire the Drupal session cookie upon logout. I guess the bigger issue is, should this happen? In the scenario described logging out of Moodle logs the user out of everything, not just Drupal.

If this is to be solved, there should probably be an option to determine what to do with a logout action. I can see 3(ish) options:

1) disable moodle's logout ability completely 2) allow logout w/o impacting drupal (good for things like switching users) 3) allow logout and log out drupal session

[netw3rker]

I totally forgot this was already built in ;) I verified the problem and just committed a fix to a feature branch called "2.x-2.x-issue_46-logout_fails". the code was actually buggy (go figure). Give this a shot & let me know if it helps!

[netw3rker]

Also, I updated the Drupal - moodle_sso module to be able to log users out of moodle if they log out from the drupal side of things. If you update that module and configure it, you'll be able to make that happen as well.