
Commit 8a2f652

committed
Session Token Invalidation on Logout
1 parent 4ea342c commit 8a2f652


3 files changed

+21
-18
lines changed


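--- a/server/src/main/java/com/cloud/api/ApiServlet.java
+++ b/server/src/main/java/com/cloud/api/ApiServlet.java
@@ -260,19 +260,22 @@ void processRequestInContext(final HttpServletRequest req, final HttpServletResp
 }
 
 if (apiAuthenticator.getAPIType() == APIAuthenticationType.LOGOUT_API) {
-if (session != null) {
-final Long userId = (Long) session.getAttribute("userid");
-final Account account = (Account) session.getAttribute("accountobj");
-Long accountId = null;
-if (account != null) {
-accountId = account.getId();
-}
-auditTrailSb.insert(0, "(userId=" + userId + " accountId=" + accountId + " sessionId=" + session.getId() + ")");
-if (userId != null) {
-apiServer.logoutUser(userId);
-}
-invalidateHttpSession(session, "invalidating session after logout call");
+if (session == null) {
+throw new ServerApiException(ApiErrorCode.PARAM_ERROR, "Session not found for the logout process.");
 }
+
+final Long userId = (Long) session.getAttribute("userid");
+final Account account = (Account) session.getAttribute("accountobj");
+Long accountId = null;
+if (account != null) {
+accountId = account.getId();
+}
+auditTrailSb.insert(0, "(userId=" + userId + " accountId=" + accountId + " sessionId=" + session.getId() + ")");
+if (userId != null) {
+apiServer.logoutUser(userId);
+}
+invalidateHttpSession(session, "invalidating session after logout call");
+
 final Cookie[] cookies = req.getCookies();
 if (cookies != null) {
 for (final Cookie cookie : cookies) {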
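Review bot: The new `session == null` guard at new line 263 throws before the cookie loop that starts at the bottom of the hunk (`req.getCookies()` … `for (final Cookie cookie : cookies)`), so a logout that arrives with a stale or already-expired session cookie now returns PARAM_ERROR without the server ever reaching that loop, whereas the old code skipped the session work but still fell through to it. If that loop is what expires the session cookies on the response (its body is outside the hunk), consider moving the throw after it, or clearing the cookies before throwing, so a repeated or late logout still leaves the browser clean instead of relying solely on the UI's client-side cleanup. A short comment above the guard would also document the new contract, e.g. `// No live server-side session: nothing to invalidate, so reject rather than report a logout that matched nothing.` processRequestInContext begins before the hunk and continues after it.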

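--- a/ui/src/api/index.js
+++ b/ui/src/api/index.js
@@ -65,7 +65,6 @@ export function login (arg) {
 }
 
 export function logout () {
-sourceToken.cancel()
 message.destroy()
 notification.destroy()
 return api('logout')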

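--- a/ui/src/store/modules/user.js
+++ b/ui/src/store/modules/user.js
@@ -24,6 +24,7 @@ import router from '@/router'
 import store from '@/store'
 import { oauthlogin, login, logout, api } from '@/api'
 import { i18n } from '@/locales'
+import { sourceToken } from '@/utils/request'
 
 import {
 ACCESS_TOKEN,
@@ -374,11 +375,6 @@ const user = {
 cloudianUrl = state.cloudian.url + 'logout.htm?redirect=' + encodeURIComponent(window.location.href)
 }
 
-Object.keys(Cookies.get()).forEach(cookieName => {
-Cookies.remove(cookieName)
-Cookies.remove(cookieName, { path: '/client' })
-})
-
 commit('SET_TOKEN', '')
 commit('SET_APIS', {})
 commit('SET_PROJECT', {})
@@ -406,6 +402,11 @@ const user = {
 }
 }).catch(() => {
 resolve()
+}).finally(() => {
+Object.keys(Cookies.get()).forEach(cookieName => {
+Cookies.remove(cookieName)
+Cookies.remove(cookieName, { path: '/client' })
+})
 })
 })
 },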
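Review bot: `sourceToken` is imported at new line 27 but none of the six added lines in this file uses it, and the `sourceToken.cancel()` that this commit removes from `logout()` in `ui/src/api/index.js` is not re-added here, so unless cancellation happens somewhere outside the diff, in-flight requests are no longer cancelled on logout and the import will trip ESLint's no-unused-vars. If the intent was to defer cancellation until the logout request itself has settled, add `sourceToken.cancel()` as the first statement of the new `.finally(() => {` block ahead of the cookie loop; otherwise drop the import line. Moving the cookie removal into `.finally` is the right call now that the server can answer the logout with an error when it holds no session, and a one-line comment there would make that explicit, e.g. `// Always clear cookies, even if the logout API rejected (e.g. session already gone server-side).` The logout action's body begins before the second hunk and the Promise it builds spans both of the later hunks.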
