Automated logout confusing

Can we add an override to the goto. ie, an option in Bakery to choose where the logout goto goes?

At least i would expect to see a info message about the logout action.

I agree, but the problem might be that the message would get cached...

That's an interesting caching issue.
Are we really unable to modify headers to non-caching as long as messages (infos, errors, ...) are present? I think that's a very basic issue and drupal itself should also cover this.

Spelling

Why in the world do we get logged out so often, anyway? I seem to get logged out multiple times in a single day, now. I find this very frustrating, especially when I click on a link in an email, don't immediately look at the page, and then come back to find it's just the drupal.org frontpage and I have no way of going back to the link I originally clicked. This is seriously hampering my workflow.

Agreed, this is much more than just confusing - aggravating and frustrating are both adjectives that come to mind :) There do seem to be multiple issues at play here: the first being the frequency of the logouts, and the second being the redirect to the front page. I would very much like to see both of them fixed.

#575038: Fix site redirects and #578822: Requests get sent to the front page were set duplicates of this issue.

Here is an untested patch that should redirect the logged out user to the requested page with a GET parameter so that the redirect makes more sense. Additional GET parameters get currently lost. Not surre that's an issue...

If a link to drupal.org is clicked by an anonymous user or search engine bot it should work instead of redirecting to the homepage, an anonymous user wouldn't care about how long a session might last, since he/she might have no account!

links to drupal.org are useless/broken for anonymous users
#579372: links to drupal.org are (currently) useless/broken for anonymous users

PS: would this also be happening for bots/crawlers?!

Dunno killes, but...
If there are also anonymous sessions, you need to additionally check for anonymous state and avoid redirect since even if the cookie is obsolete, nothing changes.

Are there also autocreated anonymous bakery sessions?

Then Loosing get param is not that big issue... but if you call a URL with paging you will loose paging information which is pretty common. I think we should forward/redirect the full URL state including query strings.

Finally: Please don't do a simple drupal_goto. This announces "found" which might lead to confusion for robots, ... We really should redirect on 307 to announce a temporary redirect! This should also fix caching issues and allow us to putput info messages for the user to understand why logout happened.

No robots are involved in this issue as can easily be seen from the code:

    global $user;
    // we log out users that have lost their SSO cookie, with the exception of
    // UID 1.
    if ($user->uid > 1) {
      watchdog('bakery', 'Logging out the user with the bad cookie.');
      require_once drupal_get_path('module', 'user') . '/user.pages.inc';
      user_logout();
    }

This one should preserve all GET params.

Oh... uid>1 excluding anonymous states too...

So one issue less. But i still encourage you to forward full URL information including query arguments -- and to provide a correct 307. Not only crawlers interprete http headers.

BTW: Is it really impossible to redirect to the original url itself (the current url) - to enforce a reload? Is there no way to continue the loading of drupal -- or reinit the bootstrap without tricks in redirect?

EDIT: drupal_goto($destination, $get, NULL, 307);

adding that is no problem.

I've tested in on my test install and committed it.

How many cookies do I need to purchase and to whom shall I send them in order to get this deployed on drupal.org? I miss the usability of my favorite web site. Clicking on an issue url in email and going directly to that node was a killer feature of drupal.org.

Thanks very much -- looks like this is live on drupal.org. I'm still offering up cookies if the responsible parties would like to place their orders.

I love drupal.org -- thanks for taking such good care of it!

Has been deployed.

I will try and get this out on g.d.o asap.

Just deployed latest bakery to groups.drupal.org