  1. Magnolia
  2. MAGNOLIA-3469

LoginFilter should return a redirect upon successful login instead of continuing the request

Details

    • Improvement
    • Resolution: Won't Do
    • Neutral
    • None
    • 4.4
    • security
    • None

    Description

      When a request for a protected resource fails due to authorization we output the login form. When the user submits this form, using a POST request, and the login succeeds we let the request finish by accessing the resource with a POST. This can lead to problems as the resource might not be intended to be used with POST or expects other parameters than those available in the login form.

      Also, the initial attempt to access a resource such as /demo-project/some-page.html is made using a GET, not a POST, so when the login succeeds we are not presenting what the initial attempt would have displayed had the user been logged in.

      While non-critical, the user experience could be better.

      Potentially there is code that relies on these parameters in requests after the LoginFilter has executed. This might especially be the case with the PUR module.
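
The redirect-after-login behaviour this issue asks for, as an added example against the plain javax.servlet API (not Magnolia's LoginFilter code). The class name, the form field names and the `authenticate` hook are hypothetical.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;

/** Hypothetical filter illustrating the proposal; not Magnolia's LoginFilter. */
public abstract class RedirectAfterLoginFilter implements Filter {

    // Hypothetical form field names; the issue does not name the real ones.
    static final String USER_PARAM = "login_user";
    static final String PASSWORD_PARAM = "login_password";

    /** Assumed hook: verify the credentials and bind the user to the session. */
    protected abstract boolean authenticate(HttpServletRequest req, String user, String password);

    public void init(FilterConfig config) {}
    public void destroy() {}

    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;

        String user = req.getParameter(USER_PARAM);
        boolean loginAttempt = "POST".equals(req.getMethod()) && user != null;
        if (!loginAttempt) {
            chain.doFilter(req, res);   // ordinary request: nothing to do here
            return;
        }
        if (!authenticate(req, user, req.getParameter(PASSWORD_PARAM))) {
            // Assumption: later filters deny access and render the login form again.
            chain.doFilter(req, res);
            return;
        }

        // Successful login: stop here instead of calling chain.doFilter(), so the
        // protected resource never sees the login form's POST or its parameters.
        // The target is rebuilt from this request's own path and query string,
        // never from a client-supplied "return to" value, so the redirect cannot
        // be pointed at another site.
        String target = req.getRequestURI();
        if (req.getQueryString() != null) {
            target += "?" + req.getQueryString();
        }
        // 303 See Other makes the browser repeat the original request as a GET.
        res.setStatus(HttpServletResponse.SC_SEE_OTHER);
        res.setHeader("Location", target);
    }
}
```

Code further down the chain that reads the login parameters, which the description notes may exist, no longer receives them once the filter answers with the 303.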


              People

                pbaerfuss Philipp Bärfuss
                tmattsson Tobias Mattsson