From b449b0b6604169214da3f5dc593a30dfa08ff753 Mon Sep 17 00:00:00 2001
From: reger <reger18@arcor.de>
Date: Fri, 18 Nov 2016 02:39:53 +0100
Subject: [PATCH] remove login request directly after logout, and add logout
 from servlet container make logout button red

---
 htroot/User.html |  4 ++--
 htroot/User.java | 10 +++++-----
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/htroot/User.html b/htroot/User.html
index 42d3bf261..d2a5f689e 100644
--- a/htroot/User.html
+++ b/htroot/User.html
@@ -22,7 +22,7 @@
       You are currently logged in as #[username]#.<br />
       (Identified by #(identified-by)#IP::Username/Password::Cookie#(/identified-by)#)<br />
       <form action="User.html" accept-charset="UTF-8">
-        <input type="submit" name="logout" class="btn btn-primary" value="logout">
+        <input type="submit" name="logout" class="btn btn-danger" value="logout">
       </form>
       #(limit)#::
       #{percent}#<img src="env/grafics/red-block.png" alt="red bar" />#{/percent}##{percent2}#<img src="env/grafics/green-block.png" alt="green bar" />#{/percent2}#
@@ -52,7 +52,7 @@
     ::
     You are currently logged in as admin.<br />
     <form action="User.html" accept-charset="UTF-8">
-      <input type="submit" name="logout" class="btn btn-primary" value="logout">
+      <input type="submit" name="logout" class="btn btn-danger" value="logout">
     </form>
     <br />
     <p>(after logout you will be prompted for your password again. simply click "cancel")</p>
diff --git a/htroot/User.java b/htroot/User.java
index 051d7e25d..b09e80bdd 100644
--- a/htroot/User.java
+++ b/htroot/User.java
@@ -27,6 +27,7 @@
 //javac -classpath .:../Classes Message.java
 //if the shell's current path is HTROOT
 
+import javax.servlet.ServletException;
 import net.yacy.cora.order.Base64Order;
 import net.yacy.cora.order.Digest;
 import net.yacy.cora.protocol.RequestHeader;
@@ -53,7 +54,7 @@ public class User{
         prop.put("logged-in_username", "");
         prop.put("logged-in_returnto", "");
         //identified via HTTPPassword
-        entry=sb.userDB.proxyAuth((requestHeader.get(RequestHeader.AUTHORIZATION, "xxxxxx")));
+        entry=sb.userDB.proxyAuth(requestHeader.get(RequestHeader.AUTHORIZATION, "xxxxxx"));
         if(entry != null){
         	prop.put("logged-in_identified-by", "1");
         //try via cookie
@@ -159,10 +160,9 @@ public class User{
             }else{
                 sb.userDB.adminLogout(UserDB.getLoginToken(requestHeader.getHeaderCookies()));
             }
-            //XXX: This should not be needed anymore, because of isLoggedout
-            if(! (requestHeader.get(RequestHeader.AUTHORIZATION, "xxxxxx")).equals("xxxxxx")){
-            	prop.authenticationRequired();
-            }
+            try {
+                requestHeader.logout(); // servlet container session logout
+            } catch (ServletException ex) {}
             if(post.containsKey("returnto")){
                 prop.putHTML(serverObjects.ACTION_LOCATION, post.get("returnto"));
             }