Patch #19655
Set a back_url when forcing new login after session expiration
| Status: | Closed | Start date: | ||
|---|---|---|---|---|
| Priority: | Normal | Due date: | ||
| Assignee: |  Jean-Philippe Lang | % Done: | 0% | |
| Category: | Accounts / authentication | |||
| Target version: | 2.6.5 |
Description
Right now, when a session expired (either due to long inactivity or general maximum duration), the user is redirected to /login without a back_url. After login, the user is thus lost and doesn't return to where they were. This is thus a deviation from the normal forced authentication flow.
The attached patch, we extracted from Planio fixes this by re-purposing the existing means for a proper redirect to /login and thus sets a matching back_url. The patch is made against current trunk at r14180 but should also apply cleanly to all prior versions until at least 2.5.
Related issues
Associated revisions
Set a back_url when forcing new login after session expiration (#19655).
Patch by Holger Just.
History
#1
Updated by Holger Just about 7 years ago
#2
Updated by Sebastian Paluch about 7 years ago
Duplicates #18980.
#3
Updated by Holger Just about 7 years ago
Compared to #18980, this patch doesn't duplicate the behavior or require_login and contains working tests.
#4
Updated by Go MAEDA about 7 years ago
- Related to Patch #18980: Parameter back_url not set on redirect to login page when session has expired added
#5
Updated by Jean-Philippe Lang about 7 years ago
- Status changed from New to Resolved
- Assignee set to Jean-Philippe Lang
- Target version set to 3.0.3
Patch committed, thanks.
#6
Updated by Jean-Philippe Lang about 7 years ago
- Status changed from Resolved to Closed
#7
Updated by Jean-Philippe Lang about 7 years ago
- Target version changed from 3.0.3 to 2.6.5