Permalink
Browse files

MDL-26257 Shibboleth auth: run logout handler only if logged in via S…

…hibboleth
  • Loading branch information...
1 parent 22e8ad6 commit 033a066e4f72161541b7a6b2fdafd9a83e7d6937 @bostelm bostelm committed Sep 8, 2011
Showing with 4 additions and 4 deletions.
  1. +4 −4 auth/shibboleth/auth.php
@@ -193,11 +193,11 @@ function loginpage_hook() {
*
*/
function logoutpage_hook() {
- global $redirect;
+ global $SESSION, $redirect;
- // Only do this if logout handler is defined
- if (
- isset($this->config->logout_handler)
+ // Only do this if logout handler is defined, and if the user is actually logged in via Shibboleth
+ if ( isset($SESSION->shibboleth_session_id)
+ && isset($this->config->logout_handler)
&& !empty($this->config->logout_handler)
){
// Check if there is an alternative logout return url defined

0 comments on commit 033a066

Please sign in to comment.