Hi, I created a Login Form as a paragraph on a page using the PUR module. Then I set up a pattern for URISecurityFilter and a RedirectClientCallback to redirect to the login page.
Everything works as expected if I click on a protected page: * I get redirected to the login page * After successful login, the protected page is displayed * If login fails, the login form is displayed again But what if the login form is submitted to a non-protected page? * I call the login page with a parameter including the page to forward after login * After successful login, the target page is displayed and the user is logged in * If login fails, the target page is also displayed and the user is not logged in The same happens if I have set up a default page to display after login (configurable by the form dialog) What I would expect is that the user stays on the login page and an error message is shown. I found that the LoginFilter doesn't handle a LoginResult.STATUS_FAILED, but relies on the following URISecurityFilter, which should display the login page again. But in my case, the URISecurityFilter says "everything ok - the page is not protected" and displays the target page. Does someone else use a login form the way I do? How could I handle failed logins correctly? I use Magnolia 4.3, STK 1.3 Regards, Peter ---------------------------------------------------------------- For list details see http://www.magnolia-cms.com/home/community/mailing-lists.html To unsubscribe, E-mail to: <[email protected]> ----------------------------------------------------------------
