Refined urltokens and XSRF protection

[project/luci.git] / modules / admin-full / luasrc / controller / admin / index.lua

diff --git a/modules/admin-full/luasrc/controller/admin/index.lua b/modules/admin-full/luasrc/controller/admin/index.lua
index cab9441..e2b812e 100644 (file)
--- a/modules/admin-full/luasrc/controller/admin/index.lua
+++ b/modules/admin-full/luasrc/controller/admin/index.lua
@@ -20,6 +20,7 @@ function index()
        local root = node()
        if not root.target then
                root.target = alias("admin")
+               root.index = true
        end
        
        entry({"about"}, template("about")).i18n = "admin-core"
@@ -32,11 +33,13 @@ function index()
        page.sysauth = "root"
        page.sysauth_authenticator = "htmlauth"
        page.ucidata = true
+       page.index = true
        
        local page  = node("admin", "index")
        page.target = template("admin_index/index")
        page.title  = i18n("overview", "Übersicht")
        page.order  = 10
+       page.index = true
        
        local page  = node("admin", "index", "luci")
        page.target = cbi("admin_index/luci")
@@ -46,6 +49,13 @@ function index()
 end
 
 function action_logout()
-       luci.http.header("Set-Cookie", "sysauth=; path=/")
+       local dsp = require "luci.dispatcher"
+       local sauth = require "luci.sauth"
+       if dsp.context.authsession then
+               sauth.kill(dsp.context.authsession)
+               dsp.context.urltoken.stok = nil
+       end
+
+       luci.http.header("Set-Cookie", "sysauth=; path=" .. dsp.build_url())
        luci.http.redirect(luci.dispatcher.build_url())
 end
\ No newline at end of file