def _respond(self, transaction):
    """Log the user out and send the browser to the login page.

    An existing session is expired; when the transaction has no session,
    any session cookie the browser still sent is deleted instead. A short
    HTML page linking to the login URL is written, a redirect to that URL
    is sent, and EndResponse is raised to stop further processing.
    """
    application = transaction.application()
    req = transaction.request()

    if not transaction.hasSession():
        # No WebKit Session on this transaction, so there is no session
        # object to clean up; an obsolete session cookie may still need
        # to be expired on the browser side.
        if req.hasCookie(application.sessionName(transaction)):
            HTTPUtils.delCookie(transaction.response(),
                                application.sessionName(transaction))
    else:
        # expiring() invalidates the session as well as expiring it.
        transaction.session().expiring()

    # Defaults for the login redirect: return to the home page after
    # login, and tell the login page the reason was a logout.
    params = {'dest': '/mgmt/gui?p=home', 'reason': 'logout'}
    # NOTE(review): request fields are merged *after* the defaults, so a
    # request-supplied 'dest' or 'reason' replaces the default and every
    # other request field is carried into the redirect URL. The code that
    # consumes 'dest' on the login side should accept only local paths,
    # and sensitive fields should not reach this handler -- confirm.
    params.update(req.fields())
    loginURL = '/mgmt/login?' + urllib.urlencode(params)

    out = transaction.response()
    # loginURL goes into the markup without HTML escaping; this relies on
    # urlencode percent-encoding the keys and values.
    markup = ''.join([
        '<html><body><h1>redirect to <a href="',
        loginURL,
        '">',
        loginURL,
        '</a></h1></body></html>',
    ])
    out.write(markup)
    out.sendRedirect(loginURL)
    raise EndResponse
def writeBody(self):
    """Render the login page body, then clean up stale session state.

    Includes either the password-expired template or the login template,
    depending on the request's 'p' value. The clean-up runs in a finally
    block so it happens even if the included template raises.
    """
    txn = self.transaction()
    req = txn.request()
    resp = txn.response()

    try:
        self.writeln('<body class="login">')
        if req.value('p', '') == 'passwordExpired':
            template = '/Templates/passwordExpired'
        else:
            template = '/Templates/login'
        self.application().includeURL(txn, template)
    finally:
        # Read the private _session attribute rather than calling
        # session(), so that no new session is created as a side effect.
        existing = None
        if txn.hasSession():
            existing = txn._session or None

        if existing and not existing.isValid():
            # A session object exists but is not valid (per the original
            # author: the user did not log in), so expire it.
            existing.expiring()
        elif req and resp:
            # Intended for the case where the browser sent a session
            # cookie but no Session object was found for it.
            # NOTE(review): this branch is also reached when a *valid*
            # session exists; the cookie is then expired in the browser
            # while the server-side session is left untouched -- confirm
            # that is intended.
            if req.hasCookie(txn.application().sessionName(txn)):
                HTTPUtils.delCookie(resp,
                                    txn.application().sessionName(txn))
        # NOTE(review): the listing was collapsed onto one line, so the
        # placement of this closing tag inside the finally block is
        # reconstructed -- confirm against the original file.
        self.writeln('</body>')