[FIX] completely destroy the current openerp session on logout (but leave the webclient session), so other tabs using the same session get unlogged

lp bug: https://launchpad.net/bugs/925386 fixed bzr revid: xmo@openerp.com-20120210164309-lyslwm4t94a4jd7g
2012-02-10 17:43:09 +01:00 · 2012-02-10 17:43:09 +01:00 · b79f91a0f5
parent e0a346f0eb
commit b79f91a0f5
5 changed files with 21 additions and 11 deletions
--- a/addons/web/common/http.py
+++ b/addons/web/common/http.py
@ -357,11 +357,13 @@ def session_context(request, storage_path, session_cookie='sessionid'):
        # session id, and are generally noise
        removed_sessions = set()
        for key, value in request.session.items():
-            if (isinstance(value, session.OpenERPSession) 
-                and not value._uid
-                and not value.jsonp_requests
-                and value._creation_time + (60*5) < time.time()  # FIXME do not use a fixed value
-            ):
+            if not isinstance(value, session.OpenERPSession):
+                continue
+            if getattr(value, '_suicide', False) or (
+                        not value._uid
+                    and not value.jsonp_requests
+                    # FIXME do not use a fixed value
+                    and value._creation_time + (60*5) < time.time()):
                _logger.debug('remove session %s', key)
                removed_sessions.add(key)
                del request.session[key]
--- a/addons/web/common/session.py
+++ b/addons/web/common/session.py
@ -36,6 +36,7 @@ class OpenERPSession(object):
        self._uid = False
        self._login = False
        self._password = False
+        self._suicide = False
        self.context = {}
        self.contexts_store = {}
        self.domains_store = {}
--- a/addons/web/controllers/main.py
+++ b/addons/web/controllers/main.py
@ -613,6 +613,10 @@ class Session(openerpweb.Controller):
        req.session.assert_valid()
        return None

+    @openerpweb.jsonrequest
+    def destroy(self, req):
+        req.session._suicide = True
+
 def eval_context_and_domain(session, context, domain=None):
    e_context = session.eval_context(context)
    # should we give the evaluated context as an evaluation context to the domain?
--- a/addons/web/static/src/js/chrome.js
+++ b/addons/web/static/src/js/chrome.js
@ -1147,12 +1147,14 @@ openerp.web.WebClient = openerp.web.OldWidget.extend(/** @lends openerp.web.WebC
        n.warn.apply(n, arguments);
    },
    on_logout: function() {
-        this.session.session_logout();
-        $(window).unbind('hashchange', this.on_hashchange);
-        this.do_push_state({});
-        //would be cool to be able to do this, but I think it will make addons do strange things
-        //this.show_login();
-        window.location.reload();
+        var self = this;
+        this.session.session_logout().then(function () {
+            $(window).unbind('hashchange', self.on_hashchange);
+            self.do_push_state({});
+            //would be cool to be able to do this, but I think it will make addons do strange things
+            //this.show_login();
+            window.location.reload();
+        });
    },
    bind_hashchange: function() {
        $(window).bind('hashchange', this.on_hashchange);
--- a/addons/web/static/src/js/core.js
+++ b/addons/web/static/src/js/core.js
@ -674,6 +674,7 @@ openerp.web.Connection = openerp.web.CallbackEnabled.extend( /** @lends openerp.
    },
    session_logout: function() {
        this.set_cookie('session_id', '');
+        return this.rpc("/web/session/destroy", {});
    },
    on_session_valid: function() {
    },