Details
-
Bug
-
Resolution: Won't Do
-
Minor
-
None
-
5.4, 5.4.1, 5.4.2, 5.4.3
-
None
-
None
Description
LogoutFilter.java uses HttpServletResponse.sendRedirect() but then continues chaining filters. This is never a good idea, and indeed leads to 500 errors in several situations when later filters attempt to send redirects or take other actions. It's been particularly troubling for the CAS authentication module, though I was able to work around it.
Patch included just stops the chain so that the redirect happens immediately.
There's also a useless chain reset in there that I didn't bother to clean out, but it probably should be done.
Checklists
Acceptance criteria