Re: Membership logoff page
I am using the Website Membership plugin and I have set my logoff URL to be google.com:
$GLOBALS['WEBSITE_LOGIN_POST_LOGOFF_URL'] = PREFIX_URL.'https://www.google.com';
When I click a logoff text link the page just refreshes and it seems I am not logged out.
This is the link code I am using:
<a href="?action=logoff">Sign out</a>
Could someone please advise me?
There are a few things to comment on here.
First, it looks like there's an issue in the plugin where it will essentially never use the WEBSITE_LOGIN_POST_LOGOFF_URL value. If you want to use the post-logoff URL, find the following line in websiteMembership.php (line 189 in version 1.13):
$logoffUrl = coalesce(@$_SERVER['HTTP_REFERER'], $GLOBALS['WEBSITE_LOGIN_POST_LOGOFF_URL'], $currentPageUrl, '/');
And change it to this:
$logoffUrl = coalesce($GLOBALS['WEBSITE_LOGIN_POST_LOGOFF_URL'], @$_SERVER['HTTP_REFERER'], $currentPageUrl, '/');
Second, you can remove "PREFIX_URL" from the Google URL so that it looks like this:
$GLOBALS['WEBSITE_LOGIN_POST_LOGOFF_URL'] = 'https://www.google.com';
In most cases, PREFIX_URL will be empty and not cause any issues, but there are some situations where it could be a problem.
Unfortunately, I can't think of a reason why the above issues would prevent you from logging out; the link you're using should work regardless. My recommendation at this point would be to try making the above changes to see if there's any effect, in case they're having some unexpected effect. If not, let me know and I can try to think of some further troubleshooting steps.
Thank you for the reply. I have followed your suggestions but the logoff is still not redirecting to google.com.
I would be extremely grateful if you could suggest any other things I can try.
That's a very curious issue. Can you fill out a 2nd level support request (https://www.interactivetools.com/support/request/) and I can take a look at it directly?
Thanks for the suggestion. Can you explain what exactly you did to fix this? Is it just a case of ensuring that there are no links with mixed content?
That's correct, just making sure that I was logged in using https, then logging out via https... The easiest way I can think of to ensure that is to force https via .htaccess?
Thank, Tim. I’m actually already forcing https and all my links are relative...
Hopefully Daniel will find the solution!
Thanks for sending in the support request; I was able to figure out the issue. In your .htacces you have a number of rules to set up Expires caching, and two of them were causing some problems:
ExpiresByType text/html "access 1 month" ExpiresDefault "access 2 days"
These were causing the browser to cache any HTML pages, including things like where they redirect to. When dealing with a dynamic site that returns HTML based on things like login status this can create a lot of inconsistent behaviours, such as not logging out correctly and not processing redirects as expected. I've commented out these two rules, and things appear to be working as expected now. As you've likely already cached the pages, you'll probably need to clear your cache in order to start seeing the effect.
Let me know if that fixes things for you, or if you have any other questions.