From d8cd2c109f8f346df554dd84b077a82fbdd9c1e1 Mon Sep 17 00:00:00 2001
From: Sebastiaan Janssen <sebastiaan@umbraco.com>
Date: Fri, 31 Aug 2018 21:07:32 +0200
Subject: [PATCH] Merge branch 'feature/remove-logout-aspx' of
 https://github.com/imranhaidercogworks/Umbraco-CMS into
 imranhaidercogworks-feature/remove-logout-aspx

# Conflicts:
#	src/Umbraco.Web.UI/umbraco_client/Application/UmbracoApplicationActions.js
---
 src/Umbraco.Web.UI/Umbraco.Web.UI.csproj      |  1 -
 src/Umbraco.Web.UI/Umbraco/Logout.aspx        | 42 -------------------
 .../UI/Pages/UmbracoEnsuredPage.cs            | 10 ++---
 3 files changed, 5 insertions(+), 48 deletions(-)
 delete mode 100644 src/Umbraco.Web.UI/Umbraco/Logout.aspx

diff --git a/src/Umbraco.Web.UI/Umbraco.Web.UI.csproj b/src/Umbraco.Web.UI/Umbraco.Web.UI.csproj
index 08bee948ee..f5e9af6200 100644
--- a/src/Umbraco.Web.UI/Umbraco.Web.UI.csproj
+++ b/src/Umbraco.Web.UI/Umbraco.Web.UI.csproj
@@ -232,7 +232,6 @@
     <Content Include="Umbraco\Config\Lang\zh_tw.xml" />
     <Content Include="Umbraco\create.aspx" />
     <Content Include="Umbraco\Developer\Packages\installer.aspx" />
-    <Content Include="Umbraco\Logout.aspx" />
     <Content Include="Umbraco\umbraco.aspx" />
     <Compile Include="Umbraco\umbraco.aspx.cs">
       <DependentUpon>umbraco.aspx</DependentUpon>
diff --git a/src/Umbraco.Web.UI/Umbraco/Logout.aspx b/src/Umbraco.Web.UI/Umbraco/Logout.aspx
deleted file mode 100644
index 84f12f03a6..0000000000
--- a/src/Umbraco.Web.UI/Umbraco/Logout.aspx
+++ /dev/null
@@ -1,42 +0,0 @@
-<%@ Page Language="C#" %>
-<%@ Import Namespace="Umbraco.Core" %>
-<%@ Import Namespace="Umbraco.Core.IO" %>
-<%@ Import Namespace="Umbraco.Web" %>
-
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<script runat="server">
-    
-// This page is here purely to deal with legacy logout redirects.    
-    protected override void OnInit(EventArgs e)
-    {
-        base.OnInit(e);
-
-        //We need to check the token in the URL to ensure it is correct otherwise malicious GET requests using CSRF attacks
-        // can easily just log the user out.
-        var token = Request["t"];
-        //only perform the logout if the token matches
-        if (token.IsNullOrWhiteSpace() == false && token == UmbracoContext.Current.Security.GetSessionId())
-        {
-            //ensure the person is definitely logged out
-            UmbracoContext.Current.Security.ClearCurrentLogin();
-        }
-        
-    }
-</script>
-
-<html xmlns="http://www.w3.org/1999/xhtml">
-    <head runat="server">
-        <title>Logout</title>
-        <script type="text/javascript">
-            //if this is not the top window, we'll assume we're in an iframe
-            // so we actually won't do anything. Otherwise if this is the top window
-            // we'll redirect to the login dialog
-            if (window == top) {
-                document.location.href = '<%= IOHelper.ResolveUrl(SystemDirectories.Umbraco).EnsureEndsWith('/') + "#/login" %>';
-            }
-        </script>
-    </head>
-    <body>        
-    </body>
-</html>
diff --git a/src/Umbraco.Web/UI/Pages/UmbracoEnsuredPage.cs b/src/Umbraco.Web/UI/Pages/UmbracoEnsuredPage.cs
index a8cb93c704..30adf2cc3d 100644
--- a/src/Umbraco.Web/UI/Pages/UmbracoEnsuredPage.cs
+++ b/src/Umbraco.Web/UI/Pages/UmbracoEnsuredPage.cs
@@ -112,11 +112,11 @@ namespace Umbraco.Web.UI.Pages
                 // Clear content as .NET transfers rendered content.
                 Response.Clear();
 
-                // Some umbraco pages should not be loaded on timeout, but instead reload the main application in the top window. Like the treeview for instance
-                if (RedirectToUmbraco)
-                    Response.Redirect(SystemDirectories.Umbraco + "/logout.aspx?t=" + Security.GetSessionId(), true);
-                else
-                    Response.Redirect(SystemDirectories.Umbraco + "/logout.aspx?redir=" + Server.UrlEncode(Request.RawUrl) + "&t=" + Security.GetSessionId(), true);
+                // Ensure the person is definitely logged out
+                UmbracoContext.Current.Security.ClearCurrentLogin();
+
+                // Redirect to the login page
+                Response.Redirect(SystemDirectories.Umbraco + "#/login", true);
             }
         }