[Bug 444519] Centralized logout process
| Bugzilla Link | 444519 |
| Status | NEW |
| Importance | P3 enhancement |
| Reported | Sep 18, 2014 13:32 EDT |
| Modified | Jul 03, 2019 11:33 EDT |
| Blocks | 298467, 411348 |
Description
After some testing, we realized invalidating sessions for all our sites (Bugzilla, Forums...) from a cookie perspective would be complicated since dev.eclipse.org (and www) cannot override cookie data in different paths/subdomains. This is a good thing.
One thing we considered is to use SQL to remove the user's session information in the Bugzilla, Forums and Gerrit tables. This will effectively log users out, but it will log them out from every computer they may be logged into. From dev.eclipse.org (or eclipse.org) we can't read the individual cookie values for each site.
delete from forum.sessions where email = "joe@eclipse.org";
delete from gerrit.sessions where email = "joe@eclipse.org";
delete from bugs.sessions where email = "joe@eclipse.org";
For now, we can do two things:
-
the logout page (dev.eclipse.org/site_login/logout.php) will tell you that you need to log out from Bugzilla, Gerrit and Forums (and perhaps increase the auto-refresh delay a bit).
-
if possible, hitting "log out" from forums, wiki and others could redirect to dev.eclipse.org/site_login/logout.php to invalidate more sessions than just the forums or wiki