Defect #7651

open

'Invalid form authenticity token' when updating issue causes dataloss

Added by sam marshall over 13 years ago. Updated almost 2 years ago.

Status: New
Priority: Normal
Assignee: -
Category: Issues
Target version: -
Start date: 2011-02-18
Due date:
% Done: 0%
Estimated time:
Resolution:
Affected version:

Description

When updating an issue to add a comment, if your session is no longer valid, you receive the error:

'Invalid form authenticity token.'

While this part is correct behaviour, it causes dataloss because:

a) The page with the error does not contain the text of the comment you submitted.
b) At least in Firefox 3.6, the Back button returns to the issue you were updating, but without the text.

I don't operate the redmine server in question, but I verified that this still occurs on demo.redmine.org, so it is a current issue.

To reproduce:

0. Use the Firefox browser with web developer extension (or any other browser with similar features)

1. Go to an issue
2. Click Update
3. Type some text into a comment
4. In the web developer toolbar, choose Cookies / Clear Session Cookies
5. Submit the comment
6. Error page appears

Actual behaviour:

Error page does not contain text you entered in #3. If you click the Back button, you are returned to the form but without your text.

Expected behaviour:

Error page should additionally contain the text of the comment you entered. Or, alternatively, the Back button should take you to the update page that includes your text.

Notes:

1) Clearing session cookies is fairly common behaviour when testing web applications. While it's obvious that doing this will break a Redmine session (i.e. you shouldn't do it), Redmine doesn't have to add injury to insult by causing annoying dataloss as a result.

2) Other form data is probably lost too but who cares - it's the potentially page-long comment that can be really annoying.

3) I haven't verified what happens with other update form errors such as simultaneous edit. If the same thing happens there, then those could benefit from being fixed, too.
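
One way the expected behaviour above could be met while the update is still rejected, as an added example that is not Redmine's code: the error page echoes the submitted comment HTML-escaped in a read-only textarea outside any form. The `notes` field name, the 422 status, the size cap and all helper names are assumptions made for this sketch.

```ruby
require 'erb'

MAX_ECHO = 64 * 1024 # constructed cap on how much rejected text is echoed back

# Constant-time comparison; a missing session token (cleared cookies) never matches.
def token_valid?(expected, given)
  return false if expected.nil? || given.nil? || expected.bytesize != given.bytesize
  expected.bytes.zip(given.bytes).reduce(0) { |acc, (a, b)| acc | (a ^ b) }.zero?
end

# Error page for a rejected update. The comment is HTML-escaped and shown in a
# read-only textarea outside any <form>, so it can be copied but the page
# offers no way to resubmit the rejected request.
def invalid_token_page(params)
  notes = params.fetch('notes', '').to_s.scrub
  truncated = notes.length > MAX_ECHO
  notes = notes[0, MAX_ECHO]
  html = +"<h2>Invalid form authenticity token.</h2>\n<p>Your update was not saved.</p>\n"
  return html if notes.strip.empty?
  html << "<p>Copy your comment, reload the issue and submit it again:</p>\n"
  # The newline after <textarea> is dropped by HTML parsers, so text that
  # itself starts with a newline survives intact.
  html << "<textarea readonly rows=\"10\" cols=\"80\">\n"
  html << ERB::Util.html_escape(notes) << "</textarea>\n"
  html << "<p>Comment truncated to #{MAX_ECHO} characters.</p>\n" if truncated
  html
end

# Hypothetical update handler: journal stands in for the issue's stored comments.
def handle_update(session_token, params, journal)
  if token_valid?(session_token, params['authenticity_token'])
    journal << params['notes'].to_s
    [200, "Comment saved.\n"]
  else
    [422, invalid_token_page(params)] # nothing is written on this path
  end
end

# Constructed request: the session cookie was cleared, so there is no session token.
if $PROGRAM_NAME == __FILE__
  journal = []
  status, body = handle_update(nil, { 'authenticity_token' => 'stale',
                                      'notes' => 'Repro <b>steps</b> & notes' }, journal)
  puts status, body
end
```

Pre-filling a live form with a fresh token on the error page would let a rejected request be completed with one click, which is why the text is only offered for copying.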


Related issues

Has duplicate Redmine - Feature #30733: Keep submitted form data when updating an issue with an expired authentication token (New)
Has duplicate Redmine - Defect #17588: Warn that the authenticity token is invalid before you get the textarea to edit issues (New)
Has duplicate Redmine - Feature #10569: Save user data on invalid form authenticity token (New)

Actions #1

Updated by Alberto Fanjul Alonso over 8 years ago

Any progress on this? It's really annoying to lose comments or modifications. Why not just stop redirection if there's no authenticity token? That easily solves the problem.

Actions #2

Updated by Martin von Wittich almost 2 years ago

See also these tickets, I unfortunately am not allowed to link them:

#30733
#17588
#10569

Actions #3

Updated by Bernhard Rohloff almost 2 years ago

  • Has duplicate Feature #30733: Keep submitted form data when updating an issue with an expired authentication token added
Actions #4

Updated by Bernhard Rohloff almost 2 years ago

  • Is duplicate of Defect #17588: Warn that the authenticity token is invalid before you get the textarea to edit issues added
Actions #5

Updated by Bernhard Rohloff almost 2 years ago

  • Is duplicate of Feature #10569: Save user data on invalid form authenticity token added
Actions #6

Updated by Bernhard Rohloff almost 2 years ago

  • Is duplicate of deleted (Defect #17588: Warn that the authenticity token is invalid before you get the textarea to edit issues)
Actions #7

Updated by Bernhard Rohloff almost 2 years ago

  • Is duplicate of deleted (Feature #10569: Save user data on invalid form authenticity token)
Actions #8

Updated by Bernhard Rohloff almost 2 years ago

  • Has duplicate Defect #17588: Warn that the authenticity token is invalid before you get the textarea to edit issues added
Actions #9

Updated by Bernhard Rohloff almost 2 years ago

  • Has duplicate Feature #10569: Save user data on invalid form authenticity token added