diff -Nur smeserver-userpanel-0.9-old/root/etc/e-smith/web/common/cgi-bin/logout-user smeserver-userpanel-0.9/root/etc/e-smith/web/common/cgi-bin/logout-user
--- smeserver-userpanel-0.9-old/root/etc/e-smith/web/common/cgi-bin/logout-user 1970-01-01 01:00:00.000000000 +0100
+++ smeserver-userpanel-0.9/root/etc/e-smith/web/common/cgi-bin/logout-user 2013-11-28 19:29:54.000000000 +0100
@@ -0,0 +1,128 @@
+#!/usr/bin/perl -w
+#
+# mod_auth_tkt sample logout script
+#
+# Note that this needs script needs to be available locally on all domains
+# if using multiple domains (unlike login.cgi, which only needs to exist
+# on one domain).
+#
+
+use File::Basename;
+use lib dirname($ENV{SCRIPT_FILENAME});
+use Apache::AuthTkt 0.03;
+use CGI qw(:standard);
+use URI::Escape;
+use URI;
+use strict;
+
+# ------------------------------------------------------------------------
+# Configure this section to taste
+
+# CSS stylesheet to use (optional)
+my $STYLESHEET = '/server-common/css/tkt.css';
+# Page title (optional)
+my $TITLE = '';
+# Boolean flag, whether to fallback to HTTP_REFERER for back link
+my $BACK_REFERER = 1;
+# Additional cookies to clear on logout e.g. PHPSESSID
+my @NUKE_COOKIES = qw();
+
+# ------------------------------------------------------------------------
+# Main code begins
+my $debug = 0;
+my $at = Apache::AuthTkt->new(conf => "/etc/e-smith/web/common/cgi-bin/AuthTKT.cfg");
+my $q = CGI->new;
+my ($server_name, $server_port) = split /:/, $q->http('X-Forwarded-Host') || $ENV{HTTP_HOST};
+#warn "servername is $server_name; HOST is $ENV{HTTP_HOST}\n";
+$server_name ||= $ENV{SERVER_NAME};
+$server_port ||= $ENV{SERVER_PORT};
+$server_port = '443';
+my $AUTH_DOMAIN = $server_name;
+my $back = $q->cookie($at->back_cookie_name) if $at->back_cookie_name;
+$back ||= $q->param($at->back_arg_name) if $at->back_arg_name;
+$back ||= $ENV{HTTP_REFERER} if $BACK_REFERER;
+$back = "/user-manager/";
+if ($back && $back =~ m!^/!) {
+ my $hostname = $server_name;
+ my $port = $server_port;
+ $hostname .= ':' . $port if $port && $port != 80 && $port != 443;
+ $back = sprintf "http%s://%s%s", ($port == 443 ? 's' : ''), $hostname, $back;
+} elsif ($back && $back !~ m/^http/i) {
+ $back = 'http://' . $back;
+}
+$back = uri_unescape($back) if $back =~ m/^https?%3A%2F%2F/;
+my $back_html = escapeHTML($back) if $back;
+
+# Logout by resetting the auth cookie
+my @cookies = cookie(-name => $at->cookie_name, -value => '', -expires => '-1h',
+ ($AUTH_DOMAIN && $AUTH_DOMAIN =~ /\./ ? (-domain => $AUTH_DOMAIN) : ()));
+push @cookies, map { cookie(-name => $_, -value => '', -expires => '-1h') } @NUKE_COOKIES;
+
+my $redirected = 0;
+if ($back) {
+ my $b = URI->new($back);
+ # If $back domain doesn't match $AUTH_DOMAIN, add ticket reset to back
+ if ($b->host !~ m/\b$AUTH_DOMAIN$/i) {
+ $back .= $b->query ? '&' : '?';
+ $back .= $at->cookie_name . '=';
+ }
+
+ if ($debug) {
+ print $q->header(-cookie => \@cookies);
+ }
+
+ else {
+ # Set (local) cookie, and redirect to $back
+ print $q->header(
+ -cookie => \@cookies,
+# -location => $back,
+ );
+ # For some reason, a Location: redirect doesn't seem to then see the cookie,
+ # but a meta refresh one does - weird
+ print $q->start_html(
+ -head => meta({
+ -http_equiv => 'refresh', -content => "0;URL=$back"
+ }));
+ $redirected = 1;
+ }
+}
+
+# If no $back, just set the auth cookie and hope for the best
+else {
+ print $q->header(-cookie => \@cookies);
+}
+
+my @style = $STYLESHEET ? ('-style' => { src => $STYLESHEET }) : ();
+$TITLE ||= 'Logout Page';
+unless ($redirected) {
+ # If here, either some kind of error or no back ref found
+ print $q->start_html(
+ -title => $TITLE,
+ @style,
+ );
+ print <$TITLE
+EOD
+ if ($debug) {
+ print <
Return to server manager login
\n) if $back_html; + print <
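Review bot: The host taken from `X-Forwarded-Host` / `HTTP_HOST` in the `split /:/` line is request-controlled unless a trusted front end overwrites it, yet it becomes `$AUTH_DOMAIN` and is used unvalidated as the cookie `-domain`, as the host of the absolute `$back` URL written into the meta refresh, and inside the pattern `m/\b$AUTH_DOMAIN$/i`. I would check it against an anchored hostname pattern (or the names this server is configured for) before use, e.g. `$server_name = $ENV{SERVER_NAME} unless defined $server_name && $server_name =~ /\A[A-Za-z0-9.-]+\z/;`, and quote it in the match as `if ($b->host !~ m/\b\Q$AUTH_DOMAIN\E$/i) {`. Whether `SERVER_NAME` is itself canonical depends on the Apache configuration, which is not visible here. The unconditional `$server_port = '443';` and `$back = "/user-manager/";` leave the port fallback and the cookie/param/Referer lookups above them without effect. If the fixed target is intentional, deleting those lines or adding a comment such as `# fixed target: never take the return URL from the request` would make that explicit. Separately, `my $back = ... if ...;` and `my $back_html = ... if $back;` use a form perlsyn documents as undefined behaviour, so declare first and assign conditionally; the end of the script is not legible in this view, so its final output statements are not covered here.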