Project

General

Profile

Actions

Patch #19655

closed

Set a back_url when forcing new login after session expiration

Added by Holger Just over 9 years ago. Updated over 9 years ago.

Status:
Closed
Priority:
Normal
Category:
Accounts / authentication
Target version:
Start date:
Due date:
% Done:

0%

Estimated time:

Description

Right now, when a session expired (either due to long inactivity or general maximum duration), the user is redirected to /login without a back_url. After login, the user is thus lost and doesn't return to where they were. This is thus a deviation from the normal forced authentication flow.

The attached patch, we extracted from Planio fixes this by re-purposing the existing means for a proper redirect to /login and thus sets a matching back_url. The patch is made against current trunk at r14180 but should also apply cleanly to all prior versions until at least 2.5.


Files


Related issues

Related to Redmine - Patch #18980: Parameter back_url not set on redirect to login page when session has expiredClosed

Actions
Actions #2

Updated by Sebastian Paluch over 9 years ago

Duplicates #18980.

Actions #3

Updated by Holger Just over 9 years ago

Compared to #18980, this patch doesn't duplicate the behavior or require_login and contains working tests.

Actions #4

Updated by Go MAEDA over 9 years ago

  • Related to Patch #18980: Parameter back_url not set on redirect to login page when session has expired added
Actions #5

Updated by Jean-Philippe Lang over 9 years ago

  • Status changed from New to Resolved
  • Assignee set to Jean-Philippe Lang
  • Target version set to 3.0.3

Patch committed, thanks.

Actions #6

Updated by Jean-Philippe Lang over 9 years ago

  • Status changed from Resolved to Closed
Actions #7

Updated by Jean-Philippe Lang over 9 years ago

  • Target version changed from 3.0.3 to 2.6.5
Actions

Also available in: Atom PDF