Roberto Benítez Monje created OFBIZ-4959:
--------------------------------------------

Summary: Logout do not remove autoLogin
Key: OFBIZ-4959
URL: https://issues.apache.org/jira/browse/OFBIZ-4959
Project: OFBiz
Issue Type: Bug
Components: ALL COMPONENTS
Affects Versions: Release 10.04, Release 09.04
Environment: Windows 2003 Server. Apache Ofbiz 2004 and Ofbiz 10
Reporter: Roberto Benítez Monje

The logout method does not disable the autoLogin functionality. Instead, it just initializes autoLogin in the session and request.
autoLoginCheck has to be replaced with autoLoginRemove inside the logout method.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

[ https://issues.apache.org/jira/browse/OFBIZ-4959?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Roberto Benítez Monje updated OFBIZ-4959:
-----------------------------------------

Description:
The logout method does not disable the autoLogin functionality. Instead, it just initializes autoLogin in the session and request.
autoLoginCheck has to be replaced with autoLoginRemove inside the logout method.

{code:title=LoginEvents/LoginWorker.java|borderStyle=solid}
public static String logout(HttpServletRequest request, HttpServletResponse response) {
    // invalidate the security group list cache
    GenericValue userLogin = (GenericValue) request.getSession().getAttribute("userLogin");
    String returnValue = "success";
    if (request.getAttribute("_AUTO_LOGIN_LOGOUT_") == null) {
        try {
            returnValue = autoLoginRemove(request, response);
        } catch (IOException e) {
            Debug.logWarning(e, "", module);
        }
    }
    // log out from all other sessions too; do this here so that it is only done when a user explicitly logs out
    logoutFromAllSessions(userLogin);
    doBasicLogout(userLogin, request);
    return returnValue;
}
{code}

was:
The logout method does not disable the autoLogin functionality. Instead, it just initializes autoLogin in the session and request.
autoLoginCheck has to be replaced with autoLoginRemove inside the logout method.

> Logout do not remove autoLogin
> ------------------------------
>
> Key: OFBIZ-4959
> URL: https://issues.apache.org/jira/browse/OFBIZ-4959
> Project: OFBiz
> Issue Type: Bug
> Components: ALL COMPONENTS
> Affects Versions: Release 09.04, Release 10.04
> Environment: Windows 2003 Server. Apache Ofbiz 2004 and Ofbiz 10
> Reporter: Roberto Benítez Monje
> Labels: logout, security
> Original Estimate: 70,056h
> Remaining Estimate: 70,056h

[ https://issues.apache.org/jira/browse/OFBIZ-4959?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13414433#comment-13414433 ]

Jacques Le Roux commented on OFBIZ-4959:
----------------------------------------

I don't know what you want to express or do with this issue. For instance, logoutFromAllSessions does not exist in OFBiz. And why would a user have more than one session?

[ https://issues.apache.org/jira/browse/OFBIZ-4959?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13414880#comment-13414880 ]

Roberto Benítez Monje commented on OFBIZ-4959:
----------------------------------------------

logoutFromAllSessions maybe is a method from a previous developer in my company.

Autologin does the cookie handling. OFBiz never deletes cookies because autoLoginRemove is never called. I detected this behaviour because I was manipulating OFBiz to allow the user to choose his home page and I was faced with a re-login issue. I saw the request and session attributes and even the cookies.

If a user enters default_component and is redirected automatically to another component, when he logs out he isn't completely logged out. And if he enters default_component again, he is logged in without entering his user and password.

Sorry if I don't express myself correctly. I don't speak English very well.
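
A black-box check for the behaviour reported in the comment above (a logout that leaves the auto-login cookie in place), added here as an example and not part of the original thread or of OFBiz. The cookie name `example.autoUserLoginId` and the sample `Set-Cookie` headers are constructed for illustration.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime
from http.cookies import SimpleCookie

# Assumed cookie name for this example; use the name your deployment actually sets.
AUTOLOGIN_COOKIE = "example.autoUserLoginId"


def is_expired(morsel, now):
    """True when the Set-Cookie attributes tell the browser to discard the cookie."""
    if morsel["max-age"] != "":            # Max-Age takes precedence over Expires
        try:
            return int(morsel["max-age"]) <= 0
        except ValueError:
            return False
    if morsel["expires"]:
        try:
            when = parsedate_to_datetime(morsel["expires"])
        except (TypeError, ValueError):
            return False
        if when.tzinfo is None:
            when = when.replace(tzinfo=timezone.utc)
        return when <= now
    return False                           # no expiry attribute: the cookie is being set


def autologin_state_after_logout(set_cookie_headers, now=None):
    """Classify what a logout response did to the auto-login cookie."""
    now = now or datetime.now(timezone.utc)
    state = "untouched"                    # browser keeps whatever it already stored
    for header in set_cookie_headers:
        jar = SimpleCookie()
        jar.load(header)
        morsel = jar.get(AUTOLOGIN_COOKIE)
        if morsel is not None:
            state = "removed" if is_expired(morsel, now) else "re-set"
    return state


# Constructed Set-Cookie headers standing in for three different logout responses.
SESSION_ONLY = ["JSESSIONID=ABC123; Path=/; HttpOnly"]
REISSUED = SESSION_ONLY + ["example.autoUserLoginId=admin; Max-Age=31536000; Path=/"]
CLEARED = SESSION_ONLY + ["example.autoUserLoginId=deleted; Max-Age=0; Path=/"]

if __name__ == "__main__":
    for label, headers in (("session only", SESSION_ONLY),
                           ("reissued", REISSUED), ("cleared", CLEARED)):
        print(label, "->", autologin_state_after_logout(headers))
```

Only the "removed" result means the browser will stop presenting the auto-login cookie after logout; "untouched" and "re-set" both leave a cookie that can log the user back in without credentials.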

[ https://issues.apache.org/jira/browse/OFBIZ-4959?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13420544#comment-13420544 ]

Jacques Le Roux commented on OFBIZ-4959:
----------------------------------------

It's clear enough, thanks. I will have a look when I get a chance...

[ https://issues.apache.org/jira/browse/OFBIZ-4959?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jacques Le Roux closed OFBIZ-4959.
----------------------------------

Resolution: Incomplete
Assignee: Jacques Le Roux

Sorry, this does not make sense to me, I close
