On line 48 there is a hardcoded path of /cgi-bin/logout? with a redirect, however, if you are not running a cosign server on the same server as your mod_cosign server, this will not work.

Unless cosign passes this via the $_SERVER var, I would setup a path in the admin section for a user to place the logout url. (default it to umich.edu's)

Comments

zibas’s picture

zibas commented

The cosign module is making an assumption here, but a lesser assumption than that the cosign filter and server are running on the same machine.

'https://' . $_SERVER[ 'SERVER_NAME' ] . '/cgi-bin/logout?'

This is assuming that cgi-bin/logout exists and works. At umich, many of our servers which only have the cosign filter do have /cgi-bin/logout.

Logout basically sends a delete cosign cookie command to the user and then redirects to a cosign server's logout script.
I agree that it would be nice for this to be configurable.

mlhess’s picture

mlhess commented

So why not make that path an admin option that can be set?

zibas’s picture

zibas commented
Category: bug » feature
Status: Active » Closed (fixed)

Added in 5.x-1.3. Thanks for the suggestion.