Details
- Improvement
- Resolution: Won't Do
- Neutral
- None
- 4.4
- None
Description
When a request for a protected resource fails due to authorization, we output the login form. When the user submits this form, using a POST request, and the login succeeds, we let the request finish by accessing the resource with a POST. This can lead to problems, as the resource might not be intended to be used with POST or might expect parameters other than those available in the login form.
Also, the initial attempt to access a resource such as /demo-project/some-page.html uses a GET, not a POST, so when the login succeeds we are not presenting what the initial attempt would have displayed had the user been logged in.
While non-critical, the user experience could be better.
Potentially there is code that relies on these parameters in requests after the loginfilter has executed. This might especially be the case with the PUR module.
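An added example, not Magnolia code and not from the issue reporter: a minimal WSGI model of a login filter that answers a successful login POST with a 303 redirect, so the protected resource is then fetched with GET as in the initial attempt. The names `login_filter`, `resource`, `call`, the `user`/`password` form fields, the `sid` cookie and the demo credentials are assumptions made for this illustration.

```python
import hmac, io, secrets
from http import cookies
from urllib.parse import parse_qs

USERS = {"alice": "correct horse"}   # constructed demo credentials
SESSIONS = set()                     # constructed in-memory session store
FORM = b'<form method="post"><input name="user"><input name="password"></form>'

def resource(environ, start_response):
    """Protected page that is only meant to be fetched with GET."""
    if environ["REQUEST_METHOD"] != "GET":
        start_response("405 Method Not Allowed", [("Allow", "GET")])
        return [b""]
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"some page"]

def login_filter(app):
    def wrapped(environ, start_response):
        jar = cookies.SimpleCookie(environ.get("HTTP_COOKIE", ""))
        if "sid" in jar and jar["sid"].value in SESSIONS:
            return app(environ, start_response)      # already logged in
        if environ["REQUEST_METHOD"] == "POST":
            size = int(environ.get("CONTENT_LENGTH") or 0)
            form = parse_qs(environ["wsgi.input"].read(size).decode())
            user = form.get("user", [""])[0]
            pw = form.get("password", [""])[0]
            if user in USERS and hmac.compare_digest(USERS[user].encode(), pw.encode()):
                sid = secrets.token_urlsafe(16)
                SESSIONS.add(sid)
                # 303 makes the browser re-request the path with GET, so the
                # resource never receives the login POST or its parameters.
                # Collapsing leading slashes keeps the target on this host.
                target = "/" + environ.get("PATH_INFO", "/").lstrip("/")
                start_response("303 See Other", [("Location", target),
                    ("Set-Cookie", f"sid={sid}; HttpOnly; SameSite=Lax; Path=/")])
                return [b""]
        start_response("401 Unauthorized", [("Content-Type", "text/html")])
        return [FORM]
    return wrapped

def call(app, method, path, body=b"", cookie=""):
    """Drive a WSGI app in-process; returns (status, headers dict, body)."""
    out = {}
    environ = {"REQUEST_METHOD": method, "PATH_INFO": path, "HTTP_COOKIE": cookie,
               "CONTENT_LENGTH": str(len(body)), "wsgi.input": io.BytesIO(body)}
    def start_response(status, headers):
        out["status"], out["headers"] = status, dict(headers)
    data = b"".join(app(environ, start_response))
    return out["status"], out["headers"], data
```

Calling `resource` directly with POST returns 405, which is the failure the description anticipates when the login POST is passed through to the resource.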
Issue Links
- relates to MAGNOLIA-4687 Reposting login form after automatic logout allows login without credentials (Closed)