Set a back_url when forcing new login after session expiration
|Assignee:||Jean-Philippe Lang||% Done:|
|Category:||Accounts / authentication|
Right now, when a session expired (either due to long inactivity or general maximum duration), the user is redirected to /login without a back_url. After login, the user is thus lost and doesn't return to where they were. This is thus a deviation from the normal forced authentication flow.
The attached patch, we extracted from Planio fixes this by re-purposing the existing means for a proper redirect to
/login and thus sets a matching back_url. The patch is made against current trunk at r14180 but should also apply cleanly to all prior versions until at least 2.5.
Set a back_url when forcing new login after session expiration (#19655).
Patch by Holger Just.