mirror of
https://github.com/keycloak/keycloak.git
synced 2026-01-25 16:42:34 +00:00
Prevent multiple logout confirmation actions
closes #32435 Signed-off-by: mposolda <mposolda@gmail.com>
This commit is contained in:
@@ -339,7 +339,7 @@ public class LogoutEndpoint {
|
||||
|
||||
SessionCodeChecks checks = new LogoutSessionCodeChecks(realm, session.getContext().getUri(), request, clientConnection, session, event, code, clientId, tabId);
|
||||
checks.initialVerify();
|
||||
if (!checks.verifyActiveAndValidAction(AuthenticationSessionModel.Action.LOGGING_OUT.name(), ClientSessionCode.ActionType.USER) || !checks.isActionRequest() || !formData.containsKey("confirmLogout")) {
|
||||
if (!checks.verifyActiveAndValidAction(AuthenticationSessionModel.Action.LOGGING_OUT.name(), ClientSessionCode.ActionType.USER) || !checks.isActionRequest()) {
|
||||
AuthenticationSessionModel logoutSession = checks.getAuthenticationSession();
|
||||
String errorMessage = "Failed verification during logout.";
|
||||
logger.debugf( "%s logoutSessionId=%s, clientId=%s, tabId=%s",
|
||||
|
||||
@@ -6,7 +6,7 @@
|
||||
<div id="kc-logout-confirm" class="content-area">
|
||||
<p class="instruction">${msg("logoutConfirmHeader")}</p>
|
||||
|
||||
<form class="form-actions" action="${url.logoutConfirmAction}" method="POST">
|
||||
<form class="form-actions" action="${url.logoutConfirmAction}" onsubmit="confirmLogout.disabled = true; return true;" method="POST">
|
||||
<input type="hidden" name="session_code" value="${logoutConfirm.code}">
|
||||
<div class="${properties.kcFormGroupClass!}">
|
||||
<div id="kc-form-options">
|
||||
|
||||
Reference in New Issue
Block a user