Skip to content
Browse files

MDL-26257 Shibboleth auth: run logout handler only if logged in via S…

…hibboleth
  • Loading branch information...
1 parent 5d2db8a commit f4831673b67f7ce7aab515ee02ee9b45ff2b2a0f @bostelm bostelm committed
Showing with 4 additions and 4 deletions.
  1. +4 −4 auth/shibboleth/auth.php
View
8 auth/shibboleth/auth.php
@@ -193,11 +193,11 @@ function loginpage_hook() {
*
*/
function logoutpage_hook() {
- global $redirect;
+ global $SESSION, $redirect;
- // Only do this if logout handler is defined
- if (
- isset($this->config->logout_handler)
+ // Only do this if logout handler is defined, and if the user is actually logged in via Shibboleth
+ if ( isset($SESSION->shibboleth_session_id)
+ && isset($this->config->logout_handler)
&& !empty($this->config->logout_handler)
){
// Check if there is an alternative logout return url defined

0 comments on commit f483167

Please sign in to comment.
Something went wrong with that request. Please try again.