changeset 48:3f475c6fb168

Make logout clear the session on the server (which necessitates turning it from a link into a button)
author Robin Green <greenrd@greenrd.org>
date Mon, 04 Jul 2011 14:08:00 +0100
parents f8c9e1e4d337
children 9c83592de908
files src/ur/openidUser.ur src/ur/openidUser.urs
diffstat 2 files changed, 21 insertions(+), 11 deletions(-) [+]
line wrap: on
line diff
--- a/src/ur/openidUser.ur	Sun Jul 03 14:09:03 2011 -0400
+++ b/src/ur/openidUser.ur	Mon Jul 04 14:08:00 2011 +0100
@@ -9,7 +9,7 @@
 
 signature CTLDISPLAY = sig
     val formatUser : xbody -> xbody
-    val formatLogout : url -> xbody
+    val formatLogout : ($([]) -> transaction page) -> xbody
     val formatSignup : url -> xbody
     val formatLogon : ({User : string} -> transaction page) -> xbody
 end
@@ -18,8 +18,10 @@
     fun formatUser user =
         <xml>You are logged in as {user}.</xml>
 
-    fun formatLogout url =
-        <xml><a href={url}>Log Out</a></xml>
+    fun formatLogout handler =
+        <xml>
+	  <form><submit value="Logout" action={handler}/></form>
+	</xml>
 
     fun formatSignup url =
         <xml><a href={url}>Sign Up</a></xml>
@@ -114,7 +116,14 @@
     fun main wrap =
         let
             fun logout () =
+		login <- getCookie auth;
                 clearCookie auth;
+		(case login of
+		    Some (LoggedIn login) =>
+		    dml (DELETE FROM session
+				WHERE Id = {[login.Session]}
+				  AND Key = {[login.Key]})
+		  | _ => return ());
                 redirect M.afterLogout
 
             fun signupDetails after =
@@ -324,10 +333,10 @@
 
             case cur of
                 Some cur => return {Status = (M.CtlDisplay.formatUser <xml>{[cur]}</xml>),
-                                    Other = {Url = (url (logout ())), 
-                                             Xml = (M.CtlDisplay.formatLogout (url (logout ())))}}
+                                    Other = {Url = None,
+                                             Xml = (M.CtlDisplay.formatLogout logout)}}
               | None => return {Status = (M.CtlDisplay.formatLogon (logon (show here))),
-                                Other = {Url = (url (signup (show here))),
+                                Other = {Url = Some (url (signup (show here))),
                                          Xml = (M.CtlDisplay.formatSignup (url (signup (show here))))}}
         end
 
--- a/src/ur/openidUser.urs	Sun Jul 03 14:09:03 2011 -0400
+++ b/src/ur/openidUser.urs	Mon Jul 04 14:08:00 2011 +0100
@@ -15,8 +15,8 @@
     val formatUser : xbody -> xbody
     (* Format the display of the logged on user *)
                               
-    val formatLogout : url -> xbody
-    (* Format the logout link *)
+    val formatLogout : ($([]) -> transaction page) -> xbody
+    (* Format the logout button *)
 
     val formatSignup : url -> xbody
     (* Format the signup link *)
@@ -107,14 +107,15 @@
 
 
     val main : (string -> xbody -> transaction page) -> transaction {Status : xbody,
-                                                                     Other : {Url : url, Xml : xbody}}
+                                                                     Other : {Url : option url, Xml : xbody}}
 
     (* Pass in your generic page template; get out the HTML snippet for user
      * management, suitable for, e.g., inclusion in your standard page
      * header.  The output gives a "status" chunk, which will either be a login
      * form or a message about which user is logged in; and an "other" chunk,
-     * which will be a log out or sign up link. In the case "other", the link
-     * itself is also provided for cases when one format is not enough. *)
+     * which will be a log out button or sign up link. In the case of "other",
+     * the link itself (if available) is also provided for cases when one
+     * format is not enough. *)
                              
 end