/**
 * Handles a CAS front channel logout request for the given ticket.
 *
 * <p>The ticket is removed from {@code store}, the ticket recorded in the current web session
 * under {@code PAC4J_CAS_TICKET} is read and then cleared, and only if the supplied ticket
 * equals the recorded one are the user profiles logged out. The web session itself is
 * destroyed only when {@code destroySession} is set.
 *
 * <p>NOTE(review): both the {@code store} entry and the session's ticket attribute are cleared
 * before the comparison, so a request carrying a non-matching ticket still unlinks the session
 * from its ticket. Confirm this ordering is intended.
 *
 * @param context the current web context, used to reach the session store
 * @param ticket the ticket supplied by the logout request
 */
@Override
public void destroySessionFront(VertxWebContext context, String ticket) {
    // Unconditional: runs even when no session store is available or the ticket does not match.
    store.remove(ticket);

    SessionStore sessionStore = context.getSessionStore();
    if (sessionStore == null) {
        logger.error("No session store available for this web context");
        return;
    }

    String sessionId = sessionStore.getOrCreateSessionId(context);
    logger.debug("currentSessionId: {}", sessionId);

    String linkedTicket = (String) sessionStore.get(context, PAC4J_CAS_TICKET);
    // Logs the ticket supplied by the request, not the one read from the session.
    logger.debug("-> ticket: {}", ticket);
    sessionStore.set(context, PAC4J_CAS_TICKET, null);

    // NOTE(review): if areEquals treats two nulls as equal, a null ticket against a session
    // with no recorded ticket passes this check. Confirm against CommonHelper.
    if (!CommonHelper.areEquals(ticket, linkedTicket)) {
        logger.error("The user profiles (and session) can not be destroyed for CAS front channel logout because the provided ticket is not the same as the one linked to the current session");
        return;
    }

    // Tickets match: drop the profiles first.
    profileManagerFactory.apply(context).logout();
    logger.debug("destroy the user profiles");

    // The web session is only torn down when configured to do so.
    if (destroySession) {
        logger.debug("destroy the whole session");
        if (!sessionStore.destroySession(context)) {
            logger.error("The session has not been invalidated for front channel logout");
        }
    }
}
/**
 * Handles a CAS front channel logout request for the given ticket.
 *
 * <p>The ticket is removed from {@code store}, the ticket recorded in the current web session
 * under {@code PAC4J_CAS_TICKET} is read and then cleared, and only if the supplied ticket
 * equals the recorded one are the user profiles logged out. The web session itself is
 * destroyed only when {@code destroySession} is set.
 *
 * <p>NOTE(review): both the {@code store} entry and the session's ticket attribute are cleared
 * before the comparison, so a request carrying a non-matching ticket still unlinks the session
 * from its ticket. Confirm this ordering is intended.
 *
 * @param context the current web context, used to reach the session store
 * @param ticket the ticket supplied by the logout request
 */
@Override
public void destroySessionFront(VertxWebContext context, String ticket) {
    // Unconditional: runs even when no session store is available or the ticket does not match.
    store.remove(ticket);

    SessionStore sessionStore = context.getSessionStore();
    if (sessionStore == null) {
        logger.error("No session store available for this web context");
        return;
    }

    String sessionId = sessionStore.getOrCreateSessionId(context);
    logger.debug("currentSessionId: {}", sessionId);

    String linkedTicket = (String) sessionStore.get(context, PAC4J_CAS_TICKET);
    // Logs the ticket supplied by the request, not the one read from the session.
    logger.debug("-> ticket: {}", ticket);
    sessionStore.set(context, PAC4J_CAS_TICKET, null);

    // NOTE(review): if areEquals treats two nulls as equal, a null ticket against a session
    // with no recorded ticket passes this check. Confirm against CommonHelper.
    if (!CommonHelper.areEquals(ticket, linkedTicket)) {
        logger.error("The user profiles (and session) can not be destroyed for CAS front channel logout because the provided ticket is not the same as the one linked to the current session");
        return;
    }

    // Tickets match: drop the profiles first.
    profileManagerFactory.apply(context).logout();
    logger.debug("destroy the user profiles");

    // The web session is only torn down when configured to do so.
    if (destroySession) {
        logger.debug("destroy the whole session");
        if (!sessionStore.destroySession(context)) {
            logger.error("The session has not been invalidated for front channel logout");
        }
    }
}