[bug] wrong key is passed to session deletion when logout

AFAIK, the mapping between cookie, session and ticket are as follow:
cookie key --> cookie value(also session key)
session key --> session value(also service ticket)
service ticket --> authentication info.

cas/client.go

Lines 356 to 365 in 87e080a

    
           if s, ok := c.sessions.Get(cookie.Value); ok { 
        
           	if err := c.tickets.Delete(s); err != nil { 
        
           		fmt.Printf("Failed to remove %v from %T: %v\n", cookie.Value, c.tickets, err) 
        
           		if glog.V(2) { 
        
           			glog.Errorf("Failed to remove %v from %T: %v", cookie.Value, c.tickets, err) 
        
           		} 
        
           	} 
        
           	c.deleteSession(s) 
        
           }

c.sessions.Get(cookie.Value) gets the session value(also the service ticket), while c.deleteSession() should receive the session key as the parameter. We passed session value as session key, so the deleteSession does not work here.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

	if s, ok := c.sessions.Get(cookie.Value); ok {
	if err := c.tickets.Delete(s); err != nil {
	fmt.Printf("Failed to remove %v from %T: %v\n", cookie.Value, c.tickets, err)
	if glog.V(2) {
	glog.Errorf("Failed to remove %v from %T: %v", cookie.Value, c.tickets, err)
	}
	}

	c.deleteSession(s)
	}

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions