--- loncom/auth/switchserver.pm	2013/09/29 00:49:24	1.32
+++ loncom/auth/switchserver.pm	2017/02/25 20:00:36	1.36
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # Switch Servers Handler
 #
-# $Id: switchserver.pm,v 1.32 2013/09/29 00:49:24 raeburn Exp $
+# $Id: switchserver.pm,v 1.36 2017/02/25 20:00:36 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -96,21 +96,34 @@ sub handler {
 
     if (!defined($switch_to)) { return FORBIDDEN; }
 
+    my $protocol = 'http';
+    if ($env{'form.otherserver'}) {
+        if ($Apache::lonnet::protocol{$env{'form.otherserver'}} eq 'https') {
+            $protocol = $Apache::lonnet::protocol{$env{'form.otherserver'}};
+        }
+    } 
+
     if ($env{'user.name'} eq 'public'
 	&& $env{'user.domain'} eq 'public') {
-	my $url = 'http://'.$switch_to.$r->uri;
+	my $url = $protocol.'://'.$switch_to.$r->uri;
+        unlink($handle);
+        #expire the cookie
+        my $c = new CGI::Cookie(-name    => 'lonPubID',
+                                -value   => '',
+                                -expires => '-10y',);
+        $r->header_out('Set-cookie' => $c);
 	return &do_redirect($r,$url,1)
     }
 
     my $skip_canhost_check = '';
     if ($env{'form.role'}) {
         if (!exists($env{'user.role.'.$env{'form.role'}})) {
-            return FORBIDDEN;
+            delete($env{'form.role'});
         } else {
             my $now = time;
             my ($start,$end) = split(/\./,$env{'user.role.'.$env{'form.role'}});
             if (($start && $start > $now) || ($end && $end < $now)) {
-                return FORBIDDEN;
+                delete($env{'form.role'});
             } elsif ($env{'form.role'} eq 'au./'.$env{'user.domain'}.'/') {
                 if (&Apache::lonnet::homeserver($env{'user.name'},$env{'user.domain'}) eq $env{'form.otherserver'}) {
                     $skip_canhost_check = 1;
@@ -150,12 +163,25 @@ sub handler {
 
     #remove session env, and log event
     unlink($handle);
+    if ($env{'user.linkedenv'} ne '') {
+        my $lonidsdir=$r->dir_config('lonIDsDir');
+        if ((-l $env{'user.linkedenv'}) &&
+            (readlink($env{'user.linkedenv'}) eq "$lonidsdir/$handle.id")) {
+            unlink($env{'user.linkedenv'});
+        }
+    }
     my %temp=('switchserver' => time.':'.$env{'form.otherserver'},
 	      $env{'form.role'});
     &Apache::lonnet::put('email_status',\%temp);
+    my $logmsg = "Switch Server to $env{'form.otherserver'}";
+    if ($env{'form.role'}) {
+        $logmsg .= " with role: $env{'form.role'}";
+    } else {
+        $logmsg .= " (no role)";
+    }
+    $logmsg .= ' '.$ENV{'REMOTE_ADDR'};
     &Apache::lonnet::log($env{'user.domain'},$env{'user.name'},
-			 $env{'user.home'},
-			 "Switch Server to $env{'form.otherserver'} with role $env{'form.role'} $ENV{'REMOTE_ADDR'}");
+			 $env{'user.home'},$logmsg);
 
     &Apache::loncommon::content_type($r,'text/html');
 
@@ -163,7 +189,13 @@ sub handler {
     my $c = new CGI::Cookie(-name    => 'lonID',
 			    -value   => '',
 			    -expires => '-10y',);
-    $r->header_out('Set-cookie' => $c);
+    $r->headers_out->add('Set-cookie' => $c);
+    if ($env{'user.linkedenv'}) {
+        my $linked = new CGI::Cookie(-name    => 'lonLinkID',
+                                     -value   => '',
+                                     -expires => '-10y',);
+        $r->headers_out->add('Set-cookie' => $linked);
+    }
 
     if ($r->header_only) {
 	$r->send_http_header;
@@ -193,7 +225,7 @@ sub handler {
         $info{'sso.reloginserver'} = $env{'request.sso.reloginserver'};
     }
     my $token = &Apache::lonnet::tmpput(\%info,$env{'form.otherserver'});
-    my $url ='http://'.$switch_to.'/adm/login?'.
+    my $url =$protocol.'://'.$switch_to.'/adm/login?'.
 	'domain='.$env{'user.domain'}.
 	'&amp;username='.$env{'user.name'}.
 	'&amp;token='.$token;