Opened 20 years ago
Closed 14 years ago
#159 closed Bug (fixed)
Circular logout problem
| Reported by: | Manuzhai | Owned by: | Ash Christopher |
|---|---|---|---|
| Component: | contrib.admin | Version: | |
| Severity: | Normal | Keywords: | admin logout |
| Cc: | Ash Christopher | Triage Stage: | Ready for checkin |
| Has patch: | yes | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
When a not-logged-in user goes to /admin/logout/, they get a login form. When they subsequently log in, they're logged out again. This is probably not desirable behavior; it's very confusing when it happens.
I'm not sure what the correct behavior would be: probably say that the user is already logged out instead of showing a login form, though (with a link to the login form, which could just be /admin/).
Attachments (2)
Change History (16)
comment:1 by , 18 years ago
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |
comment:2 by , 14 years ago
| Easy pickings: | unset |
|---|---|
| Resolution: | fixed |
| Status: | closed → reopened |
| UI/UX: | unset |
comment:3 by , 14 years ago
| Cc: | added |
|---|---|
| Keywords: | admin logout added |
| Severity: | normal → Normal |
| Triage Stage: | Accepted → Unreviewed |
| Type: | defect → Bug |
Don't know when it was re-introduced, but tested using r16730 and this problem exists.
To recreate:
1. Log into the admin.
2. Log out of the admin.
You should see a special logout screen that says "Thanks for spending some quality time with the Web site today." Notice that the URL is still set to /admin/logout/.
3. Refresh browser.
You will now get the normal admin login screen. Notice that the url is still set to /admin/logout/.
4. Log back into the admin.
Notice that you are sent to the "Thanks for spending some quality time with the Web site today." screen.
follow-up: 6 comment:4 by , 14 years ago
ashchristopher, I can confirm the same behaviour in Django 1.3 . Are you on this bug now? If so, can you claim it?
comment:6 by , 14 years ago
Replying to wim@…:
ashchristopher, I can confirm the same behaviour in Django 1.3 . Are you on this bug now? If so, can you claim it?
Not on it yet. Already working on a different ticket. Will claim in the future if not already claimed.
comment:7 by , 14 years ago
Adrian -- I have some time to take a look at this ticket if you would like.
comment:8 by , 14 years ago
| Owner: | changed from to |
|---|---|
| Status: | reopened → new |
by , 14 years ago
| Attachment: | ticket159.diff added |
|---|
Needs review, but couldn't think of a nicer way without major changes to the admin views.
comment:9 by , 14 years ago
| Has patch: | set |
|---|---|
| Status: | new → assigned |
follow-up: 11 comment:10 by , 14 years ago
Patch looks okay, but how about just redirecting to admin:index when the user does not have perms and is on admin:logout?
follow-up: 12 comment:11 by , 14 years ago
Replying to ojii:
Patch looks okay, but how about just redirecting to admin:index when the user does not have perms and is on admin:logout?
Sorry - not quite sure I understand what you mean.
comment:12 by , 14 years ago
Replying to ashchristopher:
Replying to ojii:
Patch looks okay, but how about just redirecting to admin:index when the user does not have perms and is on admin:logout?
Sorry - not quite sure I understand what you mean.
In https://code.djangoproject.com/attachment/ticket/159/ticket159.diff in contrib/admin/sites.py:193 you set the REDIRECT_FIELD_NAME in extra_context, I propose return a HttpResponseRedirect to admin:index, which will then handle the login part anyway.
comment:13 by , 14 years ago
| Triage Stage: | Accepted → Ready for checkin |
|---|
Patch looks good: has working tests and does what it says on the tin.
Problem no longer exists.