Code

Opened 9 years ago

Closed 2 years ago

#159 closed Bug (fixed)

Circular logout problem

Reported by: Manuzhai Owned by: ashchristopher
Component: contrib.admin Version:
Severity: Normal Keywords: admin logout
Cc: ashchristopher Triage Stage: Ready for checkin
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

When a not-logged-in user goes to /admin/logout/, they get a login form. When they subsequently log in, they're logged out again. This is probably not desirable behavior; it's very confusing when it happens.

I'm not sure what the correct behavior would be: probably say that the user is already logged out instead of showing a login form, though (with a link to the login form, which could just be /admin/).

Attachments (2)

ticket159.diff (2.5 KB) - added by ashchristopher 3 years ago.
Needs review, but couldn't think of a nicer way without major changes to the admin views.
ticket-159-circular-logout.patch (2.7 KB) - added by ashchristopher 3 years ago.
New patch for ticket.

Download all attachments as: .zip

Change History (16)

comment:1 Changed 7 years ago by Paul Bx <pb@…>

  • Resolution set to fixed
  • Status changed from new to closed

Problem no longer exists.

comment:2 Changed 3 years ago by ashchristopher

  • Easy pickings unset
  • Resolution fixed deleted
  • Status changed from closed to reopened
  • UI/UX unset

comment:3 Changed 3 years ago by ashchristopher

  • Cc ashchristopher added
  • Keywords admin logout added
  • Severity changed from normal to Normal
  • Triage Stage changed from Accepted to Unreviewed
  • Type changed from defect to Bug

As of r16730 this problem seems to have been re-introduced.

To recreate:

1. Log into the admin.

2. Log out of the admin.

You should see a special logout screen that says "Thanks for spending some quality time with the Web site today." Notice that the URL is still set to /admin/logout/.

3. Refresh browser.

You will now get the normal admin login screen. Notice that the url is still set to /admin/logout/.

4. Log back into the admin.

Notice that you are sent to the "Thanks for spending some quality time with the Web site today." screen.

Version 0, edited 3 years ago by ashchristopher (next)

comment:4 follow-up: Changed 3 years ago by wim@…

ashchristopher, I can confirm the same behaviour in Django 1.3 . Are you on this bug now? If so, can you claim it?

comment:5 Changed 3 years ago by Alex

  • Triage Stage changed from Unreviewed to Accepted

Was able to reproduce.

comment:6 in reply to: ↑ 4 Changed 3 years ago by ashchristopher

Replying to wim@…:

ashchristopher, I can confirm the same behaviour in Django 1.3 . Are you on this bug now? If so, can you claim it?

Not on it yet. Already working on a different ticket. Will claim in the future if not already claimed.

Last edited 3 years ago by ashchristopher (previous) (diff)

comment:7 Changed 3 years ago by ashchristopher

Adrian -- I have some time to take a look at this ticket if you would like.

comment:8 Changed 3 years ago by ashchristopher

  • Owner changed from adrian to ashchristopher
  • Status changed from reopened to new

Changed 3 years ago by ashchristopher

Needs review, but couldn't think of a nicer way without major changes to the admin views.

comment:9 Changed 3 years ago by ashchristopher

  • Has patch set
  • Status changed from new to assigned

comment:10 follow-up: Changed 3 years ago by ojii

Patch looks okay, but how about just redirecting to admin:index when the user does not have perms and is on admin:logout?

comment:11 in reply to: ↑ 10 ; follow-up: Changed 3 years ago by ashchristopher

Replying to ojii:

Patch looks okay, but how about just redirecting to admin:index when the user does not have perms and is on admin:logout?

Sorry - not quite sure I understand what you mean.

comment:12 in reply to: ↑ 11 Changed 3 years ago by ojii

Replying to ashchristopher:

Replying to ojii:

Patch looks okay, but how about just redirecting to admin:index when the user does not have perms and is on admin:logout?

Sorry - not quite sure I understand what you mean.

In https://code.djangoproject.com/attachment/ticket/159/ticket159.diff in contrib/admin/sites.py:193 you set the REDIRECT_FIELD_NAME in extra_context, I propose return a HttpResponseRedirect to admin:index, which will then handle the login part anyway.

Changed 3 years ago by ashchristopher

New patch for ticket.

comment:13 Changed 2 years ago by oinopion

  • Triage Stage changed from Accepted to Ready for checkin

Patch looks good: has working tests and does what it says on the tin.

comment:14 Changed 2 years ago by jezdez

  • Resolution set to fixed
  • Status changed from assigned to closed

In [17465]:

Fixed #159 -- Prevent the AdminSite from logging users out when they try to log in form the logout page. Many thanks, ashchristopher.

Add Comment

Modify Ticket

Change Properties
<Author field>
Action
as closed
as The resolution will be set. Next status will be 'closed'
The resolution will be deleted. Next status will be 'new'
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.