Ticket #1102 (closed defect: fixed)

Opened 9 years ago

Last modified 9 years ago

[S] logout links breaks if HTTP_REFERER not set

Reported by: pjkersha Owned by: pjkersha
Priority: critical Milestone: CMIP5 Security
Component: security Version:
Keywords: Cc:

Description

The Session handler middleware uses HTTP_REFERER from environ to return to the previous URL following logout. If HTTP_REFERER is not set this breaks. This has been seen with Questionnaire (Django) and OAI Info Editor (Pylons).

Change History

comment:1 Changed 9 years ago by pjkersha

  • Status changed from new to closed
  • Resolution set to fixed

Fixed in trunk.

Note: See TracTickets for help on using tickets.