remove login request directly after logout,

and add logout from servlet container make logout button red
2024-09-19 00:01:41 +02:00 · 2016-11-18 02:39:53 +01:00 · 2016-11-18 02:39:53 +01:00 · b449b0b660
commit b449b0b660
parent 28afd3a2f8
2 changed files with 7 additions and 7 deletions
--- a/htroot/User.html
+++ b/htroot/User.html
@ -22,7 +22,7 @@
      You are currently logged in as #[username]#.<br />
      (Identified by #(identified-by)#IP::Username/Password::Cookie#(/identified-by)#)<br />
      <form action="User.html" accept-charset="UTF-8">
-        <input type="submit" name="logout" class="btn btn-primary" value="logout">
+        <input type="submit" name="logout" class="btn btn-danger" value="logout">
      </form>
      #(limit)#::
      #{percent}#<img src="env/grafics/red-block.png" alt="red bar" />#{/percent}##{percent2}#<img src="env/grafics/green-block.png" alt="green bar" />#{/percent2}#
@ -52,7 +52,7 @@
    ::
    You are currently logged in as admin.<br />
    <form action="User.html" accept-charset="UTF-8">
-      <input type="submit" name="logout" class="btn btn-primary" value="logout">
+      <input type="submit" name="logout" class="btn btn-danger" value="logout">
    </form>
    <br />
    <p>(after logout you will be prompted for your password again. simply click "cancel")</p>
--- a/htroot/User.java
+++ b/htroot/User.java
@ -27,6 +27,7 @@
 //javac -classpath .:../Classes Message.java
 //if the shell's current path is HTROOT

+import javax.servlet.ServletException;
 import net.yacy.cora.order.Base64Order;
 import net.yacy.cora.order.Digest;
 import net.yacy.cora.protocol.RequestHeader;
@ -53,7 +54,7 @@ public class User{
        prop.put("logged-in_username", "");
        prop.put("logged-in_returnto", "");
        //identified via HTTPPassword
-        entry=sb.userDB.proxyAuth((requestHeader.get(RequestHeader.AUTHORIZATION, "xxxxxx")));
+        entry=sb.userDB.proxyAuth(requestHeader.get(RequestHeader.AUTHORIZATION, "xxxxxx"));
        if(entry != null){
        	prop.put("logged-in_identified-by", "1");
        //try via cookie
@ -159,10 +160,9 @@ public class User{
            }else{
                sb.userDB.adminLogout(UserDB.getLoginToken(requestHeader.getHeaderCookies()));
            }
-            //XXX: This should not be needed anymore, because of isLoggedout
-            if(! (requestHeader.get(RequestHeader.AUTHORIZATION, "xxxxxx")).equals("xxxxxx")){
-            	prop.authenticationRequired();
-            }
+            try {
+                requestHeader.logout(); // servlet container session logout
+            } catch (ServletException ex) {}
            if(post.containsKey("returnto")){
                prop.putHTML(serverObjects.ACTION_LOCATION, post.get("returnto"));
            }