--- loncom/auth/migrateuser.pm	2021/11/03 01:04:02	1.54
+++ loncom/auth/migrateuser.pm	2022/02/24 00:13:54	1.58
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # Starts a user off based of an existing token.
 #
-# $Id: migrateuser.pm,v 1.54 2021/11/03 01:04:02 raeburn Exp $
+# $Id: migrateuser.pm,v 1.58 2022/02/24 00:13:54 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -703,29 +703,47 @@ sub handler {
             }
         }
     } else {
-	my $handle = &Apache::lonnet::check_for_valid_session($r);
+        my ($handle,$expirepub);
+        $handle = &Apache::lonnet::check_for_valid_session($r);
+
+# For "public user" - remove any existing "public" cookie so actual user is logged in.
+        if ($handle) {
+            if ($handle=~/^publicuser\_/) {
+                my $lonidsdir=$r->dir_config('lonIDsDir');
+                if ($lonidsdir ne '') {
+                    unlink("$lonidsdir/$handle.id");
+                }
+                undef($handle);
+                $expirepub = 1;
+            }
+        }
 	if ($handle) {
 	    &Apache::lonnet::transfer_profile_to_env($r->dir_config('lonIDsDir'),
 						     $handle);
             my $checklaunch;
             if ($data{'origurl'} =~ m{^/tiny/$match_domain/\w+$}) {
-                if ($env{'request.linkprot'} ne '') {
-                     unless ($env{'request.linkprot'} eq $data{'linkprot'}) {
-                         $checklaunch = 1;
-                     }
-                }
-                if ($env{'request.linkkey'} ne '') {
-                    unless ($env{'request.linkkey'} eq $data{'linkkey'}) {
-                        $checklaunch = 1;
-                    }
+                unless ($env{'request.linkprot'} eq $data{'linkprot'}) {
+                    $checklaunch = 1;
                 }
-                if ($env{'request.deeplink.login'}) {
-                    unless ($env{'request.deeplink.login'} eq $data{'deeplink.login'}) {
-                        $checklaunch = 1;
-                    }
+                unless ($env{'request.linkkey'} eq $data{'linkkey'}) {
+                    $checklaunch = 1;
+                }
+                unless ($env{'request.deeplink.login'} eq $data{'deeplink.login'}) {
+                    $checklaunch = 1;
                 }
             }
             if ($data{'linkprot'} ne '') {
+                if (($env{'user.name'} ne $data{'username'}) ||
+                    ($env{'user.domain'} ne $data{'domain'})) {
+                    my %linkprot_env;
+                    foreach my $item ('linkprot','deeplink.login') {
+                        if ($data{$item}) {
+                            $linkprot_env{'request.'.$item} = $data{$item};
+                        }
+                    }
+                    &logout($r,$ip,$handle,\%data,\%linkprot_env);
+                    return OK;
+                }
                 &Apache::lonnet::appenv({'request.linkprot' => $data{'linkprot'}});
                 if ($env{'request.linkkey'}) {
                     &Apache::lonnet::delenv('request.linkkey');
@@ -945,7 +963,8 @@ sub handler {
                 }
             }
 	    &Apache::lonauth::success($r,$data{'username'},$data{'domain'},
-				      $home,$desturl,$extra_env,\%form,$skipcritical);
+				      $home,$desturl,$extra_env,\%form,$skipcritical,'',
+                                      $expirepub);
 	}
 	return OK;
     }