Defect #7651
open'Invalid form authenticity token' when updating issue causes dataloss
0%
Description
When updating an issue to add a comment, if your session is no longer valid, you receive the error:
'Invalid form authenticity token.'
While this part is correct behaviour, it causes dataloss because:
a) The page with the error does not contain the text of the comment you submitted.
b) At least in Firefox 3.6, the Back button returns to the issue you were updating, but without the text.
I don't operate the redmine server in question, but I verified that this still occurs on demo.redmine.org, so it is a current issue.
To reproduce:
0. Use the Firefox browser with web developer extension (or any other browser with similar features)
1. Go to an issue
2. Click Update
3. Type some text into a comment
4. In the web developer toolbar, choose Cookies / Clear Session Cookies
5. Submit the comment
6. Error page appears
Actual behaviour:
Error page does not contain text you entered in #3. If you click the Back button, you are returned to the form but without your text.
Expected behaviour:
Error page should additionally contain the text of the comment you entered. Or, alternatively, the Back button should take you to the update page that includes your text.
Notes:
1) Clearing session cookies is fairly common behaviour when testing web applications. While it's obvious that doing this will break a Redmine session (i.e. you shouldn't do it), Redmine doesn't have to add injury to insult by causing annoying dataloss as a result.
2) Other form data is probably lost too but who cares - it's the potentially page-long comment that can be really annoying.
3) I haven't verified what happens with other update form errors such as simultaneous edit. If the same thing happens there, then those could benefit from being fixed, too.
Related issues
Updated by Alberto Fanjul Alonso almost 9 years ago
Any progress on this? It's really annoying to lose comments or modifications. Why not just stop redirection if there's no authenticity token. That easily solve the problem
Updated by Martin von Wittich about 2 years ago
Updated by Bernhard Rohloff about 2 years ago
- Has duplicate Feature #30733: Keep submitted form data when updating an issue with an expired authentication token added
Updated by Bernhard Rohloff about 2 years ago
- Is duplicate of Defect #17588: Warn that the authenticity token is invalid before you get the textarea to edit issues added
Updated by Bernhard Rohloff about 2 years ago
- Is duplicate of Feature #10569: Save user data on invalid form authenticity token added
Updated by Bernhard Rohloff about 2 years ago
- Is duplicate of deleted (Defect #17588: Warn that the authenticity token is invalid before you get the textarea to edit issues)
Updated by Bernhard Rohloff about 2 years ago
- Is duplicate of deleted (Feature #10569: Save user data on invalid form authenticity token)
Updated by Bernhard Rohloff about 2 years ago
- Has duplicate Defect #17588: Warn that the authenticity token is invalid before you get the textarea to edit issues added
Updated by Bernhard Rohloff about 2 years ago
- Has duplicate Feature #10569: Save user data on invalid form authenticity token added