@RequireCSRFCheck
 public static Result login() {
   Form<LoginForm> loginForm = form(LoginForm.class).bindFromRequest();
   if (loginForm.hasErrors()) {
     return badRequest(login.render(loginForm));
   } else {
     session("loginUser", loginForm.get().getName());
     String returnUrl = ctx().session().get("returnUrl");
     if (returnUrl == null
         || returnUrl.equals("")
         || returnUrl.equals(routes.LoginController.index().absoluteURL(request()))) {
       returnUrl = routes.QandaController.index().url();
     }
     return redirect(returnUrl);
   }
 }
 @Authenticated(PetriAuthenticator.class)
 public static Result logout() {
   session().clear();
   return redirect(routes.LoginController.index());
 }