--- loncom/auth/switchserver.pm	2017/02/25 20:00:36	1.36
+++ loncom/auth/switchserver.pm	2018/07/04 16:58:19	1.41
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # Switch Servers Handler
 #
-# $Id: switchserver.pm,v 1.36 2017/02/25 20:00:36 raeburn Exp $
+# $Id: switchserver.pm,v 1.41 2018/07/04 16:58:19 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -129,8 +129,12 @@ sub handler {
                     $skip_canhost_check = 1;
                 }
             } elsif ($env{'form.role'} =~ m{^[ac]a\./($match_domain)/($match_username)$}) {
-                if (&Apache::lonnet::homeserver($2,$1) eq $env{'form.otherserver'}) {
-                    $skip_canhost_check = 1; 
+                my ($audom,$auname) = ($1,$2);
+                if (&Apache::lonnet::homeserver($auname,$audom) eq $env{'form.otherserver'}) {
+                    if ((&Apache::lonnet::will_trust('othcoau',$audom,$env{'user.domain'})) &&
+                        (&Apache::lonnet::will_trust('coremau',$env{'user.domain'},$audom))) {                             
+                        $skip_canhost_check = 1;
+                    }
                 }
             }
         }
@@ -162,12 +166,14 @@ sub handler {
     }
 
     #remove session env, and log event
-    unlink($handle);
-    if ($env{'user.linkedenv'} ne '') {
-        my $lonidsdir=$r->dir_config('lonIDsDir');
-        if ((-l $env{'user.linkedenv'}) &&
-            (readlink($env{'user.linkedenv'}) eq "$lonidsdir/$handle.id")) {
-            unlink($env{'user.linkedenv'});
+    if (unlink($handle)) {
+        if ($env{'user.linkedenv'} ne '') {
+            my $lonidsdir=$r->dir_config('lonIDsDir');
+            if (($env{'user.linkedenv'} =~ /^[a-f0-9]+_linked$/) &&
+                (-l "$lonidsdir/$env{'user.linkedenv'}.id") &&
+                (readlink("$lonidsdir/$env{'user.linkedenv'}.id") eq $handle)) {
+                unlink("$lonidsdir/$env{'user.linkedenv'}.id");
+            }
         }
     }
     my %temp=('switchserver' => time.':'.$env{'form.otherserver'},
@@ -176,6 +182,10 @@ sub handler {
     my $logmsg = "Switch Server to $env{'form.otherserver'}";
     if ($env{'form.role'}) {
         $logmsg .= " with role: $env{'form.role'}";
+    } elsif (($env{'form.lti.reqcrs'}) && ($env{'form.lti.reqrole'} eq 'cc')) {
+        $logmsg .= " to create new LTI course";
+    } elsif ($env{'form.lti.selfenrollrole'}) {
+        $logmsg .= " to selfenroll with role: $env{'form.lti.selfenrollrole'}";
     } else {
         $logmsg .= " (no role)";
     }
@@ -185,18 +195,15 @@ sub handler {
 
     &Apache::loncommon::content_type($r,'text/html');
 
-    #expire the cookie
-    my $c = new CGI::Cookie(-name    => 'lonID',
-			    -value   => '',
-			    -expires => '-10y',);
-    $r->headers_out->add('Set-cookie' => $c);
-    if ($env{'user.linkedenv'}) {
-        my $linked = new CGI::Cookie(-name    => 'lonLinkID',
-                                     -value   => '',
-                                     -expires => '-10y',);
-        $r->headers_out->add('Set-cookie' => $linked);
+    #expire the cookies
+    my %cookies=CGI::Cookie->parse($r->header_in('Cookie'));
+    foreach my $name (keys(%cookies)) {
+        next unless ($name =~ /^lon(|S|Link|Pub)ID$/);
+        my $c = new CGI::Cookie(-name    => $name,
+                                -value   => '',
+                                -expires => '-10y',);
+        $r->headers_out->add('Set-cookie' => $c);
     }
-
     if ($r->header_only) {
 	$r->send_http_header;
 	return OK;
@@ -224,6 +231,39 @@ sub handler {
     if ($env{'request.sso.reloginserver'}) {
         $info{'sso.reloginserver'} = $env{'request.sso.reloginserver'};
     }
+    if ($env{'request.lti.login'}) {
+        $info{'lti.login'} = $env{'request.lti.login'};
+    }
+    if ($env{'request.lti.uri'}) {
+        $info{'lti.uri'} = $env{'request.lti.uri'};
+    }
+    if ($env{'request.lti.reqcrs'}) {
+        $info{'lti.reqcrs'} = $env{'request.lti.reqcrs'};
+    }
+    if ($env{'request.lti.reqrole'}) {
+        $info{'lti.reqrole'} = $env{'request.lti.reqrole'};
+    }
+    if ($env{'request.lti.selfenrollrole'}) {
+        $info{'lti.selfenrollrole'} = $env{'request.lti.selfenrollrole'};
+    }
+    if ($env{'request.lti.sourcecrs'}) {
+        $info{'lti.sourcecrs'} = $env{'request.lti.sourcecrs'};
+    }
+    if ($env{'request.lti.passbackid'}) {
+        $info{'lti.passbackid'} = $env{'request.lti.passbackid'};
+    }
+    if ($env{'request.lti.passbackurl'}) {
+        $info{'lti.passbackurl'} = $env{'request.lti.passbackurl'};
+    }
+    if ($env{'request.lti.rosterid'}) {
+        $info{'lti.rosterid'} = $env{'request.lti.rosterid'};
+    }
+    if ($env{'request.lti.rosterurl'}) {
+        $info{'lti.rosterurl'} = $env{'request.lti.rosterurl'};
+    }
+    if ($env{'request.lti.target'}) {
+        $info{'lti.target'} = $env{'request.lti.target'};
+    }
     my $token = &Apache::lonnet::tmpput(\%info,$env{'form.otherserver'});
     my $url =$protocol.'://'.$switch_to.'/adm/login?'.
 	'domain='.$env{'user.domain'}.