Project

General

Profile

Actions
Copy link

Defect #17588

open

Warn that the authenticity token is invalid before you get the textarea to edit issues

Added by Pablo Yanez Trujillo over 9 years ago. Updated over 1 year ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
Issues
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Resolution:
Affected version:

Description

I've tried to do a google search about that but I wasn't able to find anything useful. I don't know whether this should be counted as a bug or as a feature.

My problem is that I save the tabs in my browser, so when I close my browser and open it again, the last open tabs are displayed. However, Opera does not make a GET request to the sites in the tabs but displays the contents as they were before closing the browser (probaly it renders them from its cache).

Anyway, the redmine site of my company has been configured so that you have to log in before you
can edit issues. It happens to me quite often that when I start my working day, and start working on the issues I've got, I lose track of the time spending on the individual issues and after working on them, opening and closing new tabs, I come across a tab with an issue of a past session (like the day before).

Here I've forgotten to press F5 to get a new authenticity token. Then I happily click on Update to update the status of the issue and start editing the issue. After a couple of minutes I click on Submit and get a nasty surprise:

422

Invalid form authenticity token.

If you go back (by pressing the backspace-key or clicking on the back-button of the browser) then you realize that you've lost everything, since the Update-Link executes

showAndScrollTo("update", "issue_notes"); return false;

and even if you execute it again, the form fields are all empty again :(

On some occasions I've lost more than 30 minutes of typing... that's very frustrating, specially when you are in a hurry and need to type everything again.

So, wouldn't it make more sense that when you click on Update instead of getting the textarea right away, you get first an error message/warning that your csrf token is invalid thus preventing you from wasting you time in the first place?

The version of redmine my company is running

Environment:
  Redmine version                2.4.1.stable
  Ruby version                   1.9.3-p194 (2012-04-20) [x86_64-linux]
  Rails version                  3.2.15
  Environment                    production
  Database adapter               Mysql2
SCM:
  Subversion                     1.6.17
  Git                            1.7.10.4
  Filesystem                     
Redmine plugins:
  redmine_favorite_projects      1.0.1
  redmine_startpage              0.1.0
  redmine_theme_changer          0.1.0

Related issues

Is duplicate of Redmine - Defect #7651: 'Invalid form authenticity token' when updating issue causes datalossNew2011-02-18

Actions
Actions
Copy link
 #1

Updated by Martin von Wittich over 1 year ago

See also these tickets, I unfortunately am not allowed to link them:

#30733
#10569
#7651

Actions
Copy link
 #2

Updated by Bernhard Rohloff over 1 year ago

  • Has duplicate Defect #7651: 'Invalid form authenticity token' when updating issue causes dataloss added
Actions
Copy link
 #3

Updated by Bernhard Rohloff over 1 year ago

  • Has duplicate deleted (Defect #7651: 'Invalid form authenticity token' when updating issue causes dataloss)
Actions
Copy link
 #4

Updated by Bernhard Rohloff over 1 year ago

  • Is duplicate of Defect #7651: 'Invalid form authenticity token' when updating issue causes dataloss added
Actions
Copy link

Also available in: Atom PDF