[MAGNOLIA-4687] Reposting login form after automatic logout allows login without credentials Created: 27/Nov/12  Updated: 19/May/22  Resolved: 19/May/22

Status: Closed
Project: Magnolia
Component/s: admininterface
Affects Version/s: 4.5.6
Fix Version/s: None

Type: Bug Priority: Neutral
Reporter: Zak Greant Assignee: Unassigned
Resolution: Won't Do Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Relates
relates to MAGNOLIA-3469 LoginFilter should return a redirect ... Closed
Template:
Acceptance criteria:
Empty
Task DoD:
[ ]* Doc/release notes changes? Comment present?
[ ]* Downstream builds green?
[ ]* Solution information and context easily available?
[ ]* Tests
[ ]* FixVersion filled and not yet released
[ ]  Architecture Decision Record (ADR)
Bug DoR:
[ ]* Steps to reproduce, expected, and actual results filled
[ ]* Affected version filled
Date of First Response:
Visible to:
Andreas Weder, Cesar Desales, Christian Ringele, Christopher Zimmermann, Daniel Lipp, Eric Hechinger, Espen Jervidalo, Federico Grilli, Jan Haderka, Jaroslav Simak, Jozef Chocholacek, Lars Fischer, Magnolia International, Mikaël Geljić, Milan Divilek, Natascha Desmarais, Ondrej Chytil, Pascal Mangold, Philipp Bärfuss, Richard Gange, Robert Šiška, Roman Kovařík, Samuel Schmitt, Teresa Miyar, Tobias Mattsson, Tomáš Gregovský, Zdenek Skodik

 Description   

In some cases, a browser reload (and repost of authentication form variables) will allow log in without authentication. We may wish to use a per-session nonce that expires on log out to prevent this issue.

Steps to recreate:
  1. Log in
  2. Wait for automatic log out
  3. Reload the page (and repost the form)


 Comments   
Comment by Roman Kovařík [ 19/May/22 ]

Hello,

This ticket is now marked as closed due to one of the following reasons:

  • A long period of inactivity
  • Uses an old or Beta version of an application, module, or framework that we no longer support
  • The issue is no longer reproducible or has been fixed in later versions

If you are still facing a problem or consider this issue still relevant, please feel free to re-open the ticket and we will reach out to you.

Thank you,
The Magnolia Team

Generated at Mon Feb 12 03:58:03 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.