[MAGNOLIA-3469] LoginFilter should return a redirect upon successful login instead of continuing the request Created: 16/Dec/10  Updated: 04/Nov/15  Resolved: 04/Nov/15

Status: Closed
Project: Magnolia
Component/s: security
Affects Version/s: 4.4
Fix Version/s: None

Type: Improvement Priority: Neutral
Reporter: Tobias Mattsson Assignee: Philipp Bärfuss
Resolution: Won't Do Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Relates
relates to MAGNOLIA-4687 Reposting login form after automatic ... Closed
Template:
Acceptance criteria:
Empty
Task DoD:
[ ]* Doc/release notes changes? Comment present?
[ ]* Downstream builds green?
[ ]* Solution information and context easily available?
[ ]* Tests
[ ]* FixVersion filled and not yet released
[ ]  Architecture Decision Record (ADR)
Date of First Response:

 Description   

When a request for a protected resource fails due to authorization we output the login form. When the user submits this form, using a POST request, and the login succeeds we let the request finish by accessing the resource with a POST. This can lead to problems as the resource might not be intended to be used with POST or expects other parameters than those available in the login form.

Also, the initial attempt to access a resource such as /demo-project/some-page.html is for using a GET, not a POST, so when the login succeeds we are not presenting what the initial attempt would have displayed had the user been logged in.

While non critical, the user experience could be better.

Potentially there is code that relies on these parameters in requests after the loginfilter have executed. This might especially be the case with the PUR module.



 Comments   
Comment by Michael Mühlebach [ 04/Nov/15 ]

Given the thousands of other issues we have open that are more highly requested, we won't be able to address this issue in the foreseeable future. Instead we will focus on issues with a higher impact, and more votes.
Thanks for taking the time to raise this issue. As you are no doubt aware this issue has been on our backlog for some time now with very little movement.
I'm going to close this to set expectations so the issue doesn't stay open for years with few updates. If the issue is still relevant please feel free to reopen it or create a new issue.

Generated at Mon Feb 12 03:46:46 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.