Merge branch 'feature/remove-logout-aspx' of https://github.com/imranhaidercogworks/Umbraco-CMS into imranhaidercogworks-feature/remove-logout-aspx

# Conflicts:
#	src/Umbraco.Web.UI/umbraco_client/Application/UmbracoApplicationActions.js

src/Umbraco.Web.UI/Umbraco.Web.UI.csproj

@@ -232,7 +232,6 @@
     <Content Include="Umbraco\Config\Lang\zh_tw.xml" />
     <Content Include="Umbraco\create.aspx" />
     <Content Include="Umbraco\Developer\Packages\installer.aspx" />
-    <Content Include="Umbraco\Logout.aspx" />
     <Content Include="Umbraco\umbraco.aspx" />
     <Compile Include="Umbraco\umbraco.aspx.cs">
       <DependentUpon>umbraco.aspx</DependentUpon>

src/Umbraco.Web.UI/Umbraco/Logout.aspx

@@ -1,42 +0,0 @@
-<%@ Page Language="C#" %>
-<%@ Import Namespace="Umbraco.Core" %>
-<%@ Import Namespace="Umbraco.Core.IO" %>
-<%@ Import Namespace="Umbraco.Web" %>
-
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<script runat="server">
-    
-// This page is here purely to deal with legacy logout redirects.    
-    protected override void OnInit(EventArgs e)
-    {
-        base.OnInit(e);
-
-        //We need to check the token in the URL to ensure it is correct otherwise malicious GET requests using CSRF attacks
-        // can easily just log the user out.
-        var token = Request["t"];
-        //only perform the logout if the token matches
-        if (token.IsNullOrWhiteSpace() == false && token == UmbracoContext.Current.Security.GetSessionId())
-        {
-            //ensure the person is definitely logged out
-            UmbracoContext.Current.Security.ClearCurrentLogin();
-        }
-        
-    }
-</script>
-
-<html xmlns="http://www.w3.org/1999/xhtml">
-    <head runat="server">
-        <title>Logout</title>
-        <script type="text/javascript">
-            //if this is not the top window, we'll assume we're in an iframe
-            // so we actually won't do anything. Otherwise if this is the top window
-            // we'll redirect to the login dialog
-            if (window == top) {
-                document.location.href = '<%= IOHelper.ResolveUrl(SystemDirectories.Umbraco).EnsureEndsWith('/') + "#/login" %>';
-            }
-        </script>
-    </head>
-    <body>        
-    </body>
-</html>

src/Umbraco.Web/UI/Pages/UmbracoEnsuredPage.cs

@@ -112,11 +112,11 @@ namespace Umbraco.Web.UI.Pages
                 // Clear content as .NET transfers rendered content.
                 Response.Clear();
 
-                // Some umbraco pages should not be loaded on timeout, but instead reload the main application in the top window. Like the treeview for instance
-                if (RedirectToUmbraco)
-                    Response.Redirect(SystemDirectories.Umbraco + "/logout.aspx?t=" + Security.GetSessionId(), true);
-                else
-                    Response.Redirect(SystemDirectories.Umbraco + "/logout.aspx?redir=" + Server.UrlEncode(Request.RawUrl) + "&t=" + Security.GetSessionId(), true);
+                // Ensure the person is definitely logged out
+                UmbracoContext.Current.Security.ClearCurrentLogin();
+
+                // Redirect to the login page
+                Response.Redirect(SystemDirectories.Umbraco + "#/login", true);
             }
         }