Bug #103910

open

ext:felogin logout process not working as intended

Added by Torben Hansen 23 days ago. Updated 20 days ago.

Status: New
Priority: Should have
Assignee:
Category: felogin
Target version: -
Start date: 2024-05-25
Due date:
% Done: 0%
Estimated time:
TYPO3 Version: 13
PHP Version:
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

Although the login process in ext:felogin works correctly from a technical perspective, it does not work as intended.

The logout form is rendered with <f:form action="login" actionUri="{actionUri}" target="_top" fieldNamePrefix="">, where the value of actionUri is the possible redirect URL after the user has been logged out. The actionUri parameter, however, overwrites the form's action, so when the user logs out by submitting the logout form, a POST request is processed to the redirect URL. Since the POST request includes logintype=logout in the request body, TYPO3 authentication services terminate the user's sessions and the logout is finished. So basically, ext:felogin does not handle the logout process (as I would expect), but TYPO3 authentication services do.

However, ext:felogin has code to handle the logout process internally. In initializeAction we have code to check if a login or logout process is in progress. Or in loginAction we have $this->isLogoutSuccessful(), which checks if the logout was successful by ensuring no user session exists and logintype=logout is part of GET/POST data. The code for the logout process can currently only be triggered manually (e.g. by calling the link https://domain.tld/login?logintype=logout).

In order to work as intended, the action of the logout form must always be the loginAction of ext:felogin and the actionUri parameter must be removed. In addition, the logout form should contain a new hidden input field <f:form.hidden name="redirect_url" value="{redirectURL}" />, where {redirectURL} is the evaluated/configured redirect URL from the ext:felogin plugin. Having this in place, ext:felogin will correctly handle the redirect after logout, and it is possible to use the LogoutConfirmedEvent or the BeforeRedirectEvent before the logout redirect is processed.
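The change described in this report, shown as a before/after comparison of the logout form. This is an added illustration, not the ext:felogin template shipped with TYPO3 and not a patch from the reporter. The form tag, `redirect_url` and `{redirectURL}` come from the report; the `logintype` hidden field and the submit button are assumed surrounding markup, and the two forms are alternatives, not one template.

```html
<!-- BEFORE (form tag as quoted in the report).
     The actionUri attribute overrides the form target, so the POST goes
     straight to the redirect URL. The logintype=logout value in the body
     makes the TYPO3 authentication services end the session there, and
     the loginAction of ext:felogin never sees the logout request. -->
<f:form action="login" actionUri="{actionUri}" target="_top" fieldNamePrefix="">
    <!-- assumed markup: carries logintype=logout in the POST body -->
    <f:form.hidden name="logintype" value="logout" />
    <f:form.submit value="Logout" />
</f:form>

<!-- AFTER (as proposed in the report).
     Without actionUri the form posts to the loginAction of the plugin,
     so the logout check and the redirect run inside ext:felogin and the
     logout and redirect events are dispatched on this path.
     The redirect target now travels as a hidden field, which means it is
     submitted by the client: the server side has to treat it as untrusted
     input and validate it before redirecting. -->
<f:form action="login" target="_top" fieldNamePrefix="">
    <!-- assumed markup: carries logintype=logout in the POST body -->
    <f:form.hidden name="logintype" value="logout" />
    <!-- new field from the report: the evaluated/configured redirect URL -->
    <f:form.hidden name="redirect_url" value="{redirectURL}" />
    <f:form.submit value="Logout" />
</f:form>
```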

Actions #1

Updated by Torben Hansen 23 days ago

  • Subject changed from Logout process not working as intended to ext:login logout process not working as intended
Actions #2

Updated by Torben Hansen 23 days ago

  • Description updated (diff)
Actions #3

Updated by Torben Hansen 23 days ago

  • Description updated (diff)
Actions #4

Updated by Torben Hansen 20 days ago

  • Subject changed from ext:login logout process not working as intended to ext:felogin logout process not working as intended