general: don't use session for after_url persistence (#5637)

Frédéric Péters 2016-01-13 22:11:59 +01:00
parent fe54e75684
commit 1532759996
1 changed files with 2 additions and 2 deletions


@ -666,7 +666,7 @@ class AlternateLoginDirectory(OldLoginDirectory):
ident_methods = get_cfg('identification', {}).get('methods', [])
if get_request().form.get('ReturnUrl'):
get_session().after_url = get_request().form.get('ReturnUrl')
get_request().form['next'] = get_request().form.pop('ReturnUrl')
if 'IsPassive' in get_request().form and 'idp' in ident_methods:
# if isPassive is given in query parameters, we restrict ourselves
@ -678,7 +678,7 @@ class AlternateLoginDirectory(OldLoginDirectory):
# possibility of SSO, if we got there as a consequence of an access
# unauthorized url on admin/ or backoffice/, then idp auth method
# is chosen forcefully.
after_url = get_session().after_url
after_url = get_request().form.get('next')
if after_url:
root_url = get_publisher().get_root_url()
after_path = urlparse.urlparse(after_url)[2]
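Review bot: In the second hunk, `after_url = get_request().form.get('next')` takes the post-login target straight from a request parameter, and the lines after it look only at its path (`urlparse.urlparse(after_url)[2]`). A value that names another host but has a path under admin/ or backoffice/ is therefore handled like a local URL when the idp method is forced. Nothing visible restricts `next` to this site, so before it is used I would compare `urlparse.urlparse(after_url)[1]` with the site's own host and drop the value when the netloc is non-empty and different; any later redirect to `next` (not shown here) needs the same check. If the form layer returns a list for a repeated `next` parameter, which I have not confirmed, `urlparse` would fail on it, so a `isinstance(after_url, basestring)` guard is worth adding as well. The enclosing method starts and ends outside both hunks, so a check may already exist elsewhere in it.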