Project

General

Profile

Actions
Copy link

Patch #19655

closed

Set a back_url when forcing new login after session expiration

Added by Holger Just about 9 years ago. Updated almost 9 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Jean-Philippe Lang
Category:
Accounts / authentication
Target version:
2.6.5
Start date:
Due date:
% Done:

0%

Estimated time:

Description

Right now, when a session expired (either due to long inactivity or general maximum duration), the user is redirected to /login without a back_url. After login, the user is thus lost and doesn't return to where they were. This is thus a deviation from the normal forced authentication flow.

The attached patch, we extracted from Planio fixes this by re-purposing the existing means for a proper redirect to /login and thus sets a matching back_url. The patch is made against current trunk at r14180 but should also apply cleanly to all prior versions until at least 2.5.

Files

0001-Set-a-back_url-when-forcing-new-login-after-session-.patch (3.05 KB) 0001-Set-a-back_url-when-forcing-new-login-after-session-.patch Holger Just, 2015-04-17 16:47

Related issues

Related to Redmine - Patch #18980: Parameter back_url not set on redirect to login page when session has expiredClosed

Actions
Actions
Copy link

Also available in: Atom PDF