Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.
Options

setting $Configuration['Garden']['Authenticator']['SignOutUrl']

I am trying SSO in forums. I've tried sign-out url of my other site to log out from the my forum site.
I set $Configuration['Garden']['Authenticator']['SignOutUrl'] in config.php as follows:
$Configuration['Garden']['Authenticator']['SignOutUrl'] = 'https://local.myhome.com/signout/';
Unfortunately, i cannot get any effect after doing that.

i just want to change sign out url in forum into our site's signout.
If you have some solutions, please let me know.

Thanks

Comments

  • Options
    vrijvlindervrijvlinder Papillon-Sauvage MVP
    edited March 2013

    have you tried ?

    $Configuration['Garden']['Authenticator']['SignOutUrl'] = '/signout/{Session_TransientKey}?Target=%2$s';
    

    assuming that is an actual sign out action page...I may be wrong but I think there is more to signing out than just a url.

    you could also maybe create a route to replace the one going to the "original sign out sheet" and put a new route to the new sign out, in the dashboard Routes options.

  • Options
    x00x00 MVP
    edited March 2013

    It looks like that basically does nothing :/

    there are two ways of dealing with this server rules / vanilla routes e.g. go to /dashboard/routes

    click Add Route

    • Route Expression: entry/signout
    • Target: https://local.myhome.com/signout/
    • Type: 301 Permanent

    Or

    you can predefine theSignOutUrl function

    if you create a file called bootstap.before.php in conf/ and put

     <?php if (!defined('APPLICATION')) exit();
     function SignOutUrl($Target = '') {
        $SignOutUrl = C('Garden.Authenticator.SignOutUrl','/signout/{Session_TransientKey}?Target=%2$s');
        $SignOutUrl = FormatString($SignOutUrl, array('Session_TransientKey'=>Gdn::Session()->TransientKey()));
        $SignOutUrl = sprintf($SignOutUrl,($Target ? urlencode($Target) : ''));
        return $SignOutUrl;
     }
    

    Note most signout on frameworks like wordress supply a nonce (what vanilla calls a TransientKey), without this it will ask the user if they are meaning to sign out as it could be a malicious action. You would have to be able to set a nonce in the native framework to get round this. Also there is a target field. Most frameweorks will have a redirect param (called Target in Garden). in wordpress you use redirect_to=url

    grep is your friend.

  • Options

    Thank you so much. I can change sign out URL thanks to you. But I still have some problems. I click signout button in forums which moves to my site's signout so I can log-out from my site. But i am still logined in Forums and cannot logout.

Sign In or Register to comment.