From 15c7eaa4d20b695a2a6086975a2a28c04a3362f6 Mon Sep 17 00:00:00 2001
From: Josh Lind <jlind@tableausoftware.com>
Date: Mon, 4 Jun 2012 14:09:00 -0700
Subject: [PATCH] add autologout

---
 .../simplesamlphp_auth/simplesamlphp_auth.module   |   11 ++++++++++-
 .../simplesamlphp_authboot.module                  |    8 +++++++-
 2 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/html/sites/all/modules/simplesamlphp_auth/simplesamlphp_auth.module b/html/sites/all/modules/simplesamlphp_auth/simplesamlphp_auth.module
index 6d63c81..9289aae 100644
--- a/html/sites/all/modules/simplesamlphp_auth/simplesamlphp_auth.module
+++ b/html/sites/all/modules/simplesamlphp_auth/simplesamlphp_auth.module
@@ -296,8 +296,17 @@ function simplesamlphp_auth_init() {
     }
     else {
       // If we are allowing users to log in with local accounts.
+      
+      // Prepare whether to attempt autologout.
+      $perform_auto_logout = FALSE;
+      $boot_cookie = variable_get('simplesamlphp_auth_cachebypass', FALSE);
+      if (variable_get('simplesamlphp_auth_autologout', FALSE) && $boot_cookie && (!isset($_COOKIE[$boot_cookie]) || $_COOKIE[$boot_cookie] != '')) {
+        $perform_auto_logout = TRUE;
+      }
+      
       // If the user has NOT been authenticated via simpleSAML.
-      if (!$_simplesamlphp_auth_as->isAuthenticated()) {
+      // OR if auto-logout via cookie is being used and is missing (in SSO boot).
+      if (!$_simplesamlphp_auth_as->isAuthenticated() || $perform_auto_logout) {
         
         // See if we limit this privilege to specified users
         $strAllwDefLogUsers = variable_get('simplesamlphp_auth_allowdefaultloginusers', '');
diff --git a/html/sites/all/modules/simplesamlphp_auth/simplesamlphp_authboot/simplesamlphp_authboot.module b/html/sites/all/modules/simplesamlphp_auth/simplesamlphp_authboot/simplesamlphp_authboot.module
index ea24caa..dbebfd1 100644
--- a/html/sites/all/modules/simplesamlphp_auth/simplesamlphp_authboot/simplesamlphp_authboot.module
+++ b/html/sites/all/modules/simplesamlphp_auth/simplesamlphp_authboot/simplesamlphp_authboot.module
@@ -74,10 +74,16 @@ function simplesamlphp_authboot_form_simplesamlphp_auth_settings_alter(&$form, &
   );
   $form['simplesamlphp_auth_autologin'] = array(
     '#type' => 'checkbox',
-    '#title' => t('Auto login users with SSO cookie'),
+    '#title' => t('Auto LOGIN users with SSO cookie'),
     '#default_value' => variable_get('simplesamlphp_auth_autologin', 0),
     '#description' => t('If the "cache bypass cookie" is present, the system will attempt to automatically log them in.'),
   );
+  $form['simplesamlphp_auth_autologout'] = array(
+    '#type' => 'checkbox',
+    '#title' => t('Auto LOGOUT users without SSO cookie'),
+    '#default_value' => variable_get('simplesamlphp_auth_autologin', 0),
+    '#description' => t('If the "cache bypass cookie" is not present, the system will attempt to automatically log them out of Drupal. Useful if SAML session is not destroyed by other systems.'),
+  );
 
 }
   
\ No newline at end of file
-- 
1.7.6.1

