From 6c060d9fa780d8d54b1864a2794701a3c93e9e63 Mon Sep 17 00:00:00 2001
From: Trevor Richards <trev@trevdev.ca>
Date: Mon, 10 Nov 2025 11:11:05 -0800
Subject: [PATCH] wip: fix session timeout redirect

---
 backend/src/routes/auth.js | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/backend/src/routes/auth.js b/backend/src/routes/auth.js
index b156958b7..329ae355e 100644
--- a/backend/src/routes/auth.js
+++ b/backend/src/routes/auth.js
@@ -67,13 +67,12 @@ router.get('/logout', async (req, res, next) => {
 
     req.session.destroy();
 
-    let endpoint = '';
+    // If the session has expired just return as SSO logout isn't required
     if (req.query?.sessionExpired) {
-      endpoint = `/session-expired?idir=${isIdir}`;
-    } else {
-      endpoint = `/logout?idir=${isIdir}`;
+      return res.redirect(`/session-expired?idir=${isIdir}`);
     }
 
+    const endpoint = `/logout?idir=${isIdir}`;
     const redirectUri = `${config.get('server:frontend')}${endpoint}`;
     const retUrl = encodeURIComponent(`${config.get('logoutEndpoint')}?post_logout_redirect_uri=${redirectUri}&id_token_hint=${idToken}`);
     const logoutUrl = config.get('siteMinder_logout_endpoint') + retUrl;