Opened 19 years ago

Closed 13 years ago

#159 closed Bug (fixed)

Circular logout problem

Reported by: Manuzhai Owned by: Ash Christopher
Component: contrib.admin Version:
Severity: Normal Keywords: admin logout
Cc: Ash Christopher Triage Stage: Ready for checkin
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

When a not-logged-in user goes to /admin/logout/, they get a login form. When they subsequently log in, they're logged out again. This is probably not desirable behavior; it's very confusing when it happens.

I'm not sure what the correct behavior would be: probably say that the user is already logged out instead of showing a login form, though (with a link to the login form, which could just be /admin/).

Attachments (2)

ticket159.diff (2.5 KB ) - added by Ash Christopher 13 years ago.
Needs review, but couldn't think of a nicer way without major changes to the admin views.
ticket-159-circular-logout.patch (2.7 KB ) - added by Ash Christopher 13 years ago.
New patch for ticket.

Download all attachments as: .zip

Change History (16)

comment:1 by Paul Bx <pb@…>, 17 years ago

Resolution: fixed
Status: newclosed

Problem no longer exists.

comment:2 by Ash Christopher, 13 years ago

Easy pickings: unset
Resolution: fixed
Status: closedreopened
UI/UX: unset

comment:3 by Ash Christopher, 13 years ago

Cc: Ash Christopher added
Keywords: admin logout added
Severity: normalNormal
Triage Stage: AcceptedUnreviewed
Type: defectBug

Don't know when it was re-introduced, but tested using r16730 and this problem exists.

To recreate:

1. Log into the admin.

2. Log out of the admin.

You should see a special logout screen that says "Thanks for spending some quality time with the Web site today." Notice that the URL is still set to /admin/logout/.

3. Refresh browser.

You will now get the normal admin login screen. Notice that the url is still set to /admin/logout/.

4. Log back into the admin.

Notice that you are sent to the "Thanks for spending some quality time with the Web site today." screen.

Last edited 13 years ago by Ash Christopher (previous) (diff)

comment:4 by wim@…, 13 years ago

ashchristopher, I can confirm the same behaviour in Django 1.3 . Are you on this bug now? If so, can you claim it?

comment:5 by Alex Gaynor, 13 years ago

Triage Stage: UnreviewedAccepted

Was able to reproduce.

in reply to:  4 comment:6 by Ash Christopher, 13 years ago

Replying to wim@…:

ashchristopher, I can confirm the same behaviour in Django 1.3 . Are you on this bug now? If so, can you claim it?

Not on it yet. Already working on ticket. Will claim in the future if not already claimed.

Version 0, edited 13 years ago by Ash Christopher (next)

comment:7 by Ash Christopher, 13 years ago

Adrian -- I have some time to take a look at this ticket if you would like.

comment:8 by Ash Christopher, 13 years ago

Owner: changed from Adrian Holovaty to Ash Christopher
Status: reopenednew

by Ash Christopher, 13 years ago

Attachment: ticket159.diff added

Needs review, but couldn't think of a nicer way without major changes to the admin views.

comment:9 by Ash Christopher, 13 years ago

Has patch: set
Status: newassigned

comment:10 by Jonas Obrist, 13 years ago

Patch looks okay, but how about just redirecting to admin:index when the user does not have perms and is on admin:logout?

in reply to:  10 ; comment:11 by Ash Christopher, 13 years ago

Replying to ojii:

Patch looks okay, but how about just redirecting to admin:index when the user does not have perms and is on admin:logout?

Sorry - not quite sure I understand what you mean.

in reply to:  11 comment:12 by Jonas Obrist, 13 years ago

Replying to ashchristopher:

Replying to ojii:

Patch looks okay, but how about just redirecting to admin:index when the user does not have perms and is on admin:logout?

Sorry - not quite sure I understand what you mean.

In https://code.djangoproject.com/attachment/ticket/159/ticket159.diff in contrib/admin/sites.py:193 you set the REDIRECT_FIELD_NAME in extra_context, I propose return a HttpResponseRedirect to admin:index, which will then handle the login part anyway.

by Ash Christopher, 13 years ago

New patch for ticket.

comment:13 by Tomek Paczkowski, 13 years ago

Triage Stage: AcceptedReady for checkin

Patch looks good: has working tests and does what it says on the tin.

comment:14 by Jannis Leidel, 13 years ago

Resolution: fixed
Status: assignedclosed

In [17465]:

Fixed #159 -- Prevent the AdminSite from logging users out when they try to log in form the logout page. Many thanks, ashchristopher.

Note: See TracTickets for help on using tickets.
Back to Top