Actions
Patch #19655
closed
Set a back_url when forcing new login after session expiration
Status:
Closed
Priority:
Normal
Assignee:
Category:
Accounts / authentication
Target version:
Start date:
Due date:
% Done:
0%
Estimated time:
Description
Right now, when a session expired (either due to long inactivity or general maximum duration), the user is redirected to /login without a back_url. After login, the user is thus lost and doesn't return to where they were. This is thus a deviation from the normal forced authentication flow.
The attached patch, we extracted from Planio fixes this by re-purposing the existing means for a proper redirect to /login and thus sets a matching back_url. The patch is made against current trunk at r14180 but should also apply cleanly to all prior versions until at least 2.5.
Files
Related issues
Updated by
Updated by Holger Just about 10 years ago
Compared to #18980, this patch doesn't duplicate the behavior or require_login and contains working tests.
Updated by Go MAEDA about 10 years ago
- Related to Patch #18980: Parameter back_url not set on redirect to login page when session has expired added
Updated by Jean-Philippe Lang about 10 years ago
- Status changed from New to Resolved
- Assignee set to Jean-Philippe Lang
- Target version set to 3.0.3
Patch committed, thanks.
Updated by Jean-Philippe Lang about 10 years ago
- Status changed from Resolved to Closed
Updated by Jean-Philippe Lang about 10 years ago
- Target version changed from 3.0.3 to 2.6.5
Actions