Magnolia / MAGNOLIA-4687

Reposting login form after automatic logout allows login without credentials

Details

    • Bug
    • Resolution: Won't Do
    • Neutral
    • None
    • 4.5.6
    • admininterface
    • None

    Description

      In some cases, a browser reload (and repost of authentication form variables) will allow log in without authentication. We may wish to use a per-session nonce that expires on log out to prevent this issue.

      Steps to recreate:
      1. Log in
      2. Wait for automatic log out
      3. Reload the page (and repost the form)
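
The per-session nonce suggested in the description, sketched as an added example (not part of the original issue and not Magnolia code). `LoginNonceStore`, `handle_login_post` and the sample account are hypothetical names constructed for illustration; the session id is assumed to come from the server-side session.

```python
import hmac
import secrets
import time

class LoginNonceStore:
    """Single-use login-form nonces, bound to a session and dropped on logout."""

    def __init__(self, ttl_seconds=300, clock=time.monotonic):
        self._ttl = ttl_seconds
        self._clock = clock
        self._pending = {}  # session_id -> (nonce, issued_at)

    def issue(self, session_id):
        """Called when the login form is rendered; value goes in a hidden field."""
        nonce = secrets.token_urlsafe(32)
        self._pending[session_id] = (nonce, self._clock())
        return nonce

    def consume(self, session_id, submitted):
        """Return True once per issued nonce; any replay or stale value fails."""
        entry = self._pending.pop(session_id, None)  # pop makes it single use
        if entry is None or not submitted:
            return False
        nonce, issued_at = entry
        if self._clock() - issued_at > self._ttl:
            return False
        return hmac.compare_digest(nonce.encode(), submitted.encode())

    def invalidate(self, session_id):
        """Called on explicit logout and on automatic (timeout) logout."""
        self._pending.pop(session_id, None)

def handle_login_post(store, session_id, form, check_password):
    """Check the nonce before the credentials, so a reposted form never reaches them."""
    if not store.consume(session_id, form.get("nonce", "")):
        return "rejected: stale or replayed login form"
    if not check_password(form.get("user", ""), form.get("password", "")):
        return "rejected: bad credentials"
    return "authenticated"

def demo():
    store = LoginNonceStore()
    users = {"editor": "constructed-password"}  # constructed sample account
    check = lambda u, p: hmac.compare_digest(users.get(u, "").encode(), p.encode())
    form = {"user": "editor", "password": "constructed-password",
            "nonce": store.issue("sess-1")}
    first = handle_login_post(store, "sess-1", form, check)   # original login
    store.invalidate("sess-1")                                # automatic logout
    replay = handle_login_post(store, "sess-1", form, check)  # reload and repost
    return first, replay
```

The reposted form still carries valid credentials, but the nonce it carries was consumed on first use and cleared at logout, so the request is rejected before the password check runs.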

              People

                Unassigned Unassigned
                zgreant Zak Greant
                Andreas Weder, Cesar Desales, Christian Ringele, Christopher Zimmermann, Daniel Lipp, Eric Hechinger, Espen Jervidalo, Federico Grilli, Jan Haderka, Jaroslav Simak, Jozef Chocholacek, Lars Fischer, Magnolia International, Mikaël Geljić, Milan Divilek, Natascha Desmarais, Ondrej Chytil, Pascal Mangold, Philipp Bärfuss, Richard Gange, Robert Šiška, Roman Kovařík, Samuel Schmitt, Teresa Miyar, Tobias Mattsson, Tomáš Gregovský, Zdenek Skodik