[MAGNOLIA-3469] LoginFilter should return a redirect upon successful login instead of continuing the request Created: 16/Dec/10 Updated: 04/Nov/15 Resolved: 04/Nov/15 |
|
| Status: | Closed |
| Project: | Magnolia |
| Component/s: | security |
| Affects Version/s: | 4.4 |
| Fix Version/s: | None |
| Type: | Improvement | Priority: | Neutral |
| Reporter: | Tobias Mattsson | Assignee: | Philipp Bärfuss |
| Resolution: | Won't Do | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||
| Template: |
|
||||||||
| Acceptance criteria: |
Empty
|
||||||||
| Task DoD: |
[ ]*
Doc/release notes changes? Comment present?
[ ]*
Downstream builds green?
[ ]*
Solution information and context easily available?
[ ]*
Tests
[ ]*
FixVersion filled and not yet released
[ ] 
Architecture Decision Record (ADR)
|
||||||||
| Date of First Response: | |||||||||
| Description |
|
When a request for a protected resource fails due to authorization we output the login form. When the user submits this form, using a POST request, and the login succeeds we let the request finish by accessing the resource with a POST. This can lead to problems as the resource might not be intended to be used with POST or expects other parameters than those available in the login form. Also, the initial attempt to access a resource such as /demo-project/some-page.html is for using a GET, not a POST, so when the login succeeds we are not presenting what the initial attempt would have displayed had the user been logged in. While non critical, the user experience could be better. Potentially there is code that relies on these parameters in requests after the loginfilter have executed. This might especially be the case with the PUR module. |
| Comments |
| Comment by Michael Mühlebach [ 04/Nov/15 ] |
|
Given the thousands of other issues we have open that are more highly requested, we won't be able to address this issue in the foreseeable future. Instead we will focus on issues with a higher impact, and more votes. |