Problem/Motivation
I think I've discovered a bug where simplesamlphp_auth and autologout don't play well together. Because SAML expects an IdP, when pulling the site locally and trying to log in without one, it's easy to use drush uli because there are no creds we can connect with and we can bypass the SAML login process entirely.
Upon trying to log in for the first time with drush uli (say for UID 1), things will work immediately. However, when autologout kicks in and logs out the user in question, if you try and drush uli again it will no longer work because there's a stalled SESS cookie in the browser. Until you manually delete the SESS cookie or unless it expires (23 days after) you'll be stuck. This is a major issue because it's not straightforward to understand the issue and it's significantly breaking the login mechanism and expectation when using the module.
Proposed resolution
The SESS cookie should be invalidated/destroyed upon automatic logout.
Remaining tasks
Discuss.
User interface changes
Users can now use e.g. drush uli to log in successfully to the site.
API changes
None expected.
Data model changes
None expected.
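A check for the behaviour the proposed resolution asks for, added here as an example and not part of the original issue or either module: given the cookie names a browser sent and the Set-Cookie headers of the logout response, it lists Drupal session cookies (SESS…/SSESS…) that the response did not expire. The function names and the sample cookie values are constructed for illustration.

```python
import re
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Drupal names its session cookie SESS<hash> (SSESS<hash> over HTTPS).
SESSION_COOKIE = re.compile(r"^S?SESS[0-9a-f]+$", re.I)

# Constructed sample: cookie sent by the browser and a logout response that clears it.
SAMPLE_SENT = ["SESSa1b2c3d4e5f6", "has_js"]
SAMPLE_LOGOUT_HEADERS = [
    "SESSa1b2c3d4e5f6=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/; HttpOnly",
]

def parse_set_cookie(header):
    """Split one Set-Cookie header value into (name, attrs), attrs keyed in lower case."""
    first, *rest = [part.strip() for part in header.split(";")]
    name = first.partition("=")[0].strip()
    attrs = {}
    for part in rest:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name, attrs

def is_invalidated(attrs, now):
    """True if the header deletes the cookie: Max-Age <= 0, else Expires in the past."""
    try:
        if "max-age" in attrs:  # Max-Age takes precedence over Expires
            return int(attrs["max-age"]) <= 0
        if "expires" in attrs:
            return parsedate_to_datetime(attrs["expires"]) <= now
    except (TypeError, ValueError):
        return False  # unparseable attribute: treat as not cleared
    return False  # no expiry attribute: the cookie is re-set, not deleted

def stale_session_cookies(sent_cookies, logout_headers, now=None):
    """Names of Drupal session cookies the browser sent that logout left valid."""
    now = now or datetime.now(timezone.utc)
    cleared = set()
    for header in logout_headers:
        name, attrs = parse_set_cookie(header)
        if is_invalidated(attrs, now):
            cleared.add(name)
    return sorted(n for n in sent_cookies
                  if SESSION_COOKIE.match(n) and n not in cleared)

if __name__ == "__main__":
    print(stale_session_cookies(SAMPLE_SENT, SAMPLE_LOGOUT_HEADERS))
```

An empty result means every session cookie the browser presented was expired by the logout response; any name returned is a cookie that can still be replayed until it expires on its own.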
Comments
Comment #2
AjitS
Automated Logout module does what Drupal core's user_logout(); function does internally. There is a call for in it. Any other module which works with authentication like the simplesamlphp_auth should implement hook_user_logout and take care of removing the extra settings (any cookies, etc.) they create in the authentication process. It might be worth creating an issue in the corresponding module's issue queue.
Comment #3
shrop at Mediacurrent commented
Was there ever an issue for this created in the simpleSAMLphp Authentication module's issue queue? Didn't see it here: https://www.drupal.org/project/issues/simplesamlphp_auth?text=automated+...
The idea of a hook_user_logout in that module sounds like a good thing to try.
We are getting an issue where once Automated Logout logs out, we can't get back to the Drupal site even after deleting all cookies. Could be simpleSAMLphp is still authorized and replacing the cookie. Still testing.
Comment #4
DeaOm at Agiledrop - Your Trusted Drupal Teammates commented
There was no new activity in about 4 years, so closing it as outdated.