LoginFilter should return a redirect upon successful login instead of
continuing the request
--------------------------------------------------------------------------------------------
Key: MAGNOLIA-3469
URL: http://jira.magnolia-cms.com/browse/MAGNOLIA-3469
Project: Magnolia
Issue Type: Improvement
Components: security
Affects Versions: 4.4
Reporter: Tobias Mattsson
Assignee: Philipp Bärfuss

When a request for a protected resource fails due to authorization we output
the login form. When the user submits this form, using a POST request, and the
login succeeds we let the request finish by accessing the resource with a POST.
This can lead to problems as the resource might not be intended to be used with
POST or expects other parameters than those available in the login form.

Also, the initial attempt to access a resource such as
/demo-project/some-page.html uses a GET, not a POST, so when the login
succeeds we are not presenting what the initial attempt would have displayed
had the user been logged in.

While non-critical, the user experience could be better.

Potentially there is code that relies on these parameters in requests after the
LoginFilter has executed. This might especially be the case with the PUR
module.
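
A sketch of the redirect-after-login behaviour the issue asks for, added here as an illustration; it is not Magnolia's LoginFilter or code from the project. It assumes the `javax.servlet` API; the class name, the form field names and the `login` hook are hypothetical.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Illustrative filter, not Magnolia's LoginFilter. Field names are assumed.
public abstract class RedirectAfterLoginFilter implements Filter {
    static final String USER_PARAM = "loginUser";     // assumed form field
    static final String PASSWORD_PARAM = "loginPass"; // assumed form field

    // Hypothetical hook: verify credentials and bind the user to the session.
    protected abstract boolean login(HttpServletRequest req, String user, String password);

    public void init(FilterConfig config) {}
    public void destroy() {}

    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;
        String user = req.getParameter(USER_PARAM);
        boolean loginPost = "POST".equals(req.getMethod()) && user != null;

        if (loginPost && login(req, user, req.getParameter(PASSWORD_PARAM))) {
            // 303 makes the browser re-request the resource with GET, so the
            // resource never sees the POST or the login form's parameters.
            res.setStatus(HttpServletResponse.SC_SEE_OTHER);
            res.setHeader("Location", res.encodeRedirectURL(originalTarget(req)));
            return; // do not continue the chain with the login POST
        }
        // Not a login attempt, or login failed: behave as before, so the
        // authorization failure further down outputs the login form.
        chain.doFilter(req, res);
    }

    // Rebuild the target from the request itself, never from a client-supplied
    // "return URL" parameter, so the redirect cannot leave this host.
    static String originalTarget(HttpServletRequest req) {
        // Collapse leading slashes: "//host/x" would be a scheme-relative URL.
        String path = "/" + req.getRequestURI().replaceFirst("^/+", "");
        String query = req.getQueryString(); // URL query only, not the POST body
        return query == null ? path : path + "?" + query;
    }
}
```

Code that runs after the filter and reads the login form's parameters will no longer see them once the redirect is in place, which is the compatibility concern the issue raises for the PUR module.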