[Security:minor] Using /logout instead of /?logout=1 does not work
In LL::NG 2.0, it seems that a specific route has been created for logout, but it is not working.
Here is the log when calling http://auth.example.com/logout:
auth.example.com:80 127.0.0.1 - - [21/Mar/2019:09:15:38 +0100] "GET /static/common/apps/network.png HTTP/1.1" 304 263
[debug] Get session 10380b49602162d0727a53e74796d00e50ea71c2b051b369ea09b743042ef7fd from Handler internal cache
[debug] auth.example.com: Apply default rule
[debug] removing cookie
[debug] Cookies -> llnglanguage=fr; lemonldap=10380b49602162d0727a53e74796d00e50ea71c2b051b369ea09b743042ef7fd
[debug] CookieName -> lemonldap
[debug] newCookies -> llnglanguage=fr;
[debug] User dwho was granted to access to /logout
[debug] Start routing logout
[debug] Processing controlUrl
[debug] Processing authLogout
[debug] Cleaning pdata
[debug] Processing deleteSession
[debug] Returned error: 47
[debug] Calling autoredirect
[debug] Skin returned: login
[debug] Calling sendHtml with template login
And here with http://auth.example.com/?logout=1:
[debug] Get session 10380b49602162d0727a53e74796d00e50ea71c2b051b369ea09b743042ef7fd from Handler::Main::Run
[debug] Check session validity from Handler
[debug] Session timeout -> 72000
[debug] Session _utime -> 1553156138
[debug] now -> 1553156173
[debug] Session timeoutActivityInterval -> 60
[debug] Session TTL = 71965
[debug] auth.example.com: Apply default rule
[debug] removing cookie
[debug] Cookies -> llnglanguage=fr; lemonldap=10380b49602162d0727a53e74796d00e50ea71c2b051b369ea09b743042ef7fd
[debug] CookieName -> lemonldap
[debug] newCookies -> llnglanguage=fr;
[debug] User dwho was granted to access to /?logout=1
[debug] Start routing default route
[debug] Processing importHandlerData
[debug] Processing controlUrl
[debug] Processing checkLogout
[debug] Processing authLogout
[debug] Cleaning pdata
[debug] Processing deleteSession
[debug] Try to get SSO session 10380b49602162d0727a53e74796d00e50ea71c2b051b369ea09b743042ef7fd
[debug] Get session 10380b49602162d0727a53e74796d00e50ea71c2b051b369ea09b743042ef7fd from Portal::Main::Run
[debug] Return SSO session 10380b49602162d0727a53e74796d00e50ea71c2b051b369ea09b743042ef7fd
[debug] Local handler logout
[notice] User dwho has been disconnected
[debug] Session 10380b49602162d0727a53e74796d00e50ea71c2b051b369ea09b743042ef7fd deleted from global storage
[debug] Returned error: 47
[debug] Calling autoredirect
[debug] Skin returned: login
[debug] Calling sendHtml with template login
In the first case the session is not deleted.