* Handle a logout attempt. * * If an attempt is made to access this URL, any username and password * embedded in the session is deleted. * * This has the effect of logging the person out. * * If a logout URI has been specified, this function will create an * internal redirect to this page. */
| 1190 | * internal redirect to this page. |
| 1191 | */ |
| 1192 | static int authenticate_form_logout_handler(request_rec * r) |
| 1193 | { |
| 1194 | auth_form_config_rec *conf; |
| 1195 | const char *err; |
| 1196 | |
| 1197 | if (strcmp(r->handler, FORM_LOGOUT_HANDLER)) { |
| 1198 | return DECLINED; |
| 1199 | } |
| 1200 | |
| 1201 | conf = ap_get_module_config(r->per_dir_config, &auth_form_module); |
| 1202 | |
| 1203 | /* remove the username and password, effectively logging the user out */ |
| 1204 | set_session_auth(r, NULL, NULL, NULL); |
| 1205 | |
| 1206 | /* |
| 1207 | * make sure the logout page is never cached - otherwise the logout won't |
| 1208 | * work! |
| 1209 | */ |
| 1210 | apr_table_addn(r->headers_out, "Cache-Control", "no-store"); |
| 1211 | apr_table_addn(r->err_headers_out, "Cache-Control", "no-store"); |
| 1212 | |
| 1213 | /* if set, internal redirect to the logout page */ |
| 1214 | if (conf->logout) { |
| 1215 | const char *logout = ap_expr_str_exec(r, |
| 1216 | conf->logout, &err); |
| 1217 | if (!err) { |
| 1218 | apr_table_addn(r->headers_out, "Location", logout); |
| 1219 | return HTTP_TEMPORARY_REDIRECT; |
| 1220 | } |
| 1221 | else { |
| 1222 | ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02343) |
| 1223 | "Can't evaluate logout expression: %s", err); |
| 1224 | return HTTP_INTERNAL_SERVER_ERROR; |
| 1225 | } |
| 1226 | } |
| 1227 | |
| 1228 | return HTTP_OK; |
| 1229 | |
| 1230 | } |
| 1231 | |
| 1232 | /** |
| 1233 | * Handle a redirect attempt. |
nothing calls this directly
no test coverage detected