Contrib.social

Logout behavior does not work for /user/logout/confirm

Open on Drupal.org →
Created on 24 February 2025, about 1 month ago

Problem/Motivation

The CAS module has a setting "Log out behavior" / "Drupal logout triggers CAS logout".
With this setting, the /user/logout route will be redirected to a CAS logout url.

However, this only works if a user clicks a logout link that already has the csrf token.
When you only put /user/logout in your browser, you go to /user/logout/confirm form, where the 'cas.settings:logout.cas_logout' setting has no effect.

Steps to reproduce

Enable the cas.settings:logout.cas_logout setting.

Login with a CAS user.
Type "/user/login" in the browser url bar.
-> you get redirected to /user/login/confirm
Click "Log out" button in the confirm form.

Expected: You get redirected to a CAS logout url.
Actual: You get redirected to Drupal front page.

Proposed resolution

Implement a hook_form_alter() that targets the confirm form to set a redirect destination on submit.

Remaining tasks

User interface changes

API changes

Data model changes

📌 Task
Status

Active

Version

3.0

Component

CAS

Created by

🇩🇪Germany donquixote

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Merge Requests

Comments & Activities

contrib.social Blog FAQ Discussions
Production build 0.71.5 2024