Hi,
We have a security requirement that requires logging in via a secure URL when accessing _edit, _admin. This can be done easily via redirects when logging in.
But when using Easy Edit, users remain on the secure site URL after logging out.
Has anyone come across this issue and worked around it?
I expect most companies would or should be logging in securely.
EES logout redirect
The logout code for EES delivers the user to the same URL they are accessing, without the editing suffix and with the query parameter Matrix uses to trigger a user session expiry (SQ_ACTION=logout). It also does other things, like releasing locks on the current asset and providing some options about exiting EES without logging out, so customising this wouldn't be straightforward.
This doesn't look like something we would change in the core, but could you possibly add a redirect that detects the query parameter used to log out to push the user to the non-secure URL?
[quote]
The logout code for EES delivers the user to the same URL they are accessing, without the editing suffix and with the query parameter Matrix uses to trigger a user session expiry (SQ_ACTION=logout). It also does other things, like releasing locks on the current asset and providing some options about exiting EES without logging out, so customising this wouldn't be straightforward.
This doesn't look like something we would change in the core, but could you possibly add a redirect that detects the query parameter used to log out to push the user to the non-secure URL?
[/quote]
We thought of doing that, but all the URLs do not follow the same pattern.
Works here:
secure.domain.edu.au/rural-clinical-school
www.domain.edu.au/rural-clinical-school
Not here:
www.domain.edu.au/human-life-sciences
secure.domain.edu.au/hls
All URLs are available from the URL tab in EES. Would it be possible to grab the first non-secure URL as a variable and use it in the logout action?
[quote]
We thought of doing that, but all the URLs do not follow the same pattern.
Works here:
secure.domain.edu.au/rural-clinical-school
www.domain.edu.au/rural-clinical-school
Not here:
www.domain.edu.au/human-life-sciences
secure.domain.edu.au/hls
[/quote]
With a decent Apache rewrite rule (requires mod_rewrite to be installed; not sure if this is the default), I think it would be possible to preserve the current URL in the logout but rewrite it to https. This isn't my area of specialty, but I have seen similar things done. I could also be misunderstanding the issue.
[quote]
All URLs are available from the URL tab in EES. Would it be possible to grab the first non-secure URL as a variable and use it in the logout action?
[/quote]
It's possible to do a lot of things with the interface; it's just a question of difficulty, really. This could be done given enough time to customise.
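
The redirect discussed in the replies above, sketched as an added example (not part of the original thread and not Squiz code): an Apache mod_rewrite rule on the secure virtual host that matches the SQ_ACTION=logout query parameter and sends the browser to the www host, using a lookup file for paths that differ between the two hosts. The map name, the map file path and its contents are assumptions made for illustration; the host names and paths are the ones quoted in the thread.

```apache
# Place inside the <VirtualHost> that serves secure.domain.edu.au.
# RewriteMap is only valid in server or virtual host context, not in .htaccess.
RewriteEngine On

# Hypothetical lookup file (constructed for this example). One line per
# asset whose first path segment differs between the two hosts:
#
#   hls   human-life-sciences
#
# Paths that are identical on both hosts (rural-clinical-school) need no
# entry, because the rule below falls back to the original segment.
RewriteMap securetopublic "txt:/etc/apache2/maps/secure-to-public.map"

# Act only on the request EES issues at logout, which carries the
# SQ_ACTION=logout query parameter. The anchors stop a parameter such as
# XSQ_ACTION=logout or SQ_ACTION=logout2 from matching.
RewriteCond %{QUERY_STRING} (^|&)SQ_ACTION=logout(&|$)

# $1 = first path segment, $2 = optional remainder of the path.
# ${securetopublic:$1|$1} looks $1 up in the map and keeps $1 unchanged when
# there is no entry. The substitution contains no "?", so the original query
# string (including SQ_ACTION=logout) is appended to the target unchanged.
# The site root "/" does not match this pattern and is left untouched.
RewriteRule ^/([^/]+)(/.*)?$ http://www.domain.edu.au/${securetopublic:$1|$1}$2 [R=302,L]
```

Because the rule answers the logout request before Matrix sees it on the secure host, the session is only expired if the www host receives the same session cookie. Confirm that with a test login before relying on it; otherwise the editor is redirected but still logged in on the secure host.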