Opened 11 years ago

Closed 5 years ago

#159 closed Bug (fixed)

Circular logout problem

Reported by: Manuzhai Owned by: Ash Christopher
Component: contrib.admin Version:
Severity: Normal Keywords: admin logout
Cc: Ash Christopher Triage Stage: Ready for checkin
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

When a not-logged-in user goes to /admin/logout/, they get a login form. When they subsequently log in, they're logged out again. This is probably not desirable behavior; it's very confusing when it happens.

I'm not sure what the correct behavior would be: probably say that the user is already logged out instead of showing a login form, though (with a link to the login form, which could just be /admin/).

Attachments (2)

ticket159.diff (2.5 KB) - added by Ash Christopher 5 years ago.
Needs review, but couldn't think of a nicer way without major changes to the admin views.
ticket-159-circular-logout.patch (2.7 KB) - added by Ash Christopher 5 years ago.
New patch for ticket.

Download all attachments as: .zip

Change History (16)

comment:1 Changed 9 years ago by Paul Bx <pb@…>

Resolution: fixed
Status: newclosed

Problem no longer exists.

comment:2 Changed 5 years ago by Ash Christopher

Easy pickings: unset
Resolution: fixed
Status: closedreopened
UI/UX: unset

comment:3 Changed 5 years ago by Ash Christopher

Cc: Ash Christopher added
Keywords: admin logout added
Severity: normalNormal
Triage Stage: AcceptedUnreviewed
Type: defectBug

As of r16730 this problem seems to have been re-introduced.

To recreate:

1. Log into the admin.

2. Log out of the admin.

You should see a special logout screen that says "Thanks for spending some quality time with the Web site today." Notice that the URL is still set to /admin/logout/.

3. Refresh browser.

You will now get the normal admin login screen. Notice that the url is still set to /admin/logout/.

4. Log back into the admin.

Notice that you are sent to the "Thanks for spending some quality time with the Web site today." screen.

Version 0, edited 5 years ago by Ash Christopher (next)

comment:4 Changed 5 years ago by wim@…

ashchristopher, I can confirm the same behaviour in Django 1.3 . Are you on this bug now? If so, can you claim it?

comment:5 Changed 5 years ago by Alex Gaynor

Triage Stage: UnreviewedAccepted

Was able to reproduce.

comment:6 in reply to:  4 Changed 5 years ago by Ash Christopher

Replying to wim@…:

ashchristopher, I can confirm the same behaviour in Django 1.3 . Are you on this bug now? If so, can you claim it?

Not on it yet. Already working on a different ticket. Will claim in the future if not already claimed.

Last edited 5 years ago by Ash Christopher (previous) (diff)

comment:7 Changed 5 years ago by Ash Christopher

Adrian -- I have some time to take a look at this ticket if you would like.

comment:8 Changed 5 years ago by Ash Christopher

Owner: changed from Adrian Holovaty to Ash Christopher
Status: reopenednew

Changed 5 years ago by Ash Christopher

Attachment: ticket159.diff added

Needs review, but couldn't think of a nicer way without major changes to the admin views.

comment:9 Changed 5 years ago by Ash Christopher

Has patch: set
Status: newassigned

comment:10 Changed 5 years ago by Jonas Obrist

Patch looks okay, but how about just redirecting to admin:index when the user does not have perms and is on admin:logout?

comment:11 in reply to:  10 ; Changed 5 years ago by Ash Christopher

Replying to ojii:

Patch looks okay, but how about just redirecting to admin:index when the user does not have perms and is on admin:logout?

Sorry - not quite sure I understand what you mean.

comment:12 in reply to:  11 Changed 5 years ago by Jonas Obrist

Replying to ashchristopher:

Replying to ojii:

Patch looks okay, but how about just redirecting to admin:index when the user does not have perms and is on admin:logout?

Sorry - not quite sure I understand what you mean.

In https://code.djangoproject.com/attachment/ticket/159/ticket159.diff in contrib/admin/sites.py:193 you set the REDIRECT_FIELD_NAME in extra_context, I propose return a HttpResponseRedirect to admin:index, which will then handle the login part anyway.

Changed 5 years ago by Ash Christopher

New patch for ticket.

comment:13 Changed 5 years ago by Tomek Paczkowski

Triage Stage: AcceptedReady for checkin

Patch looks good: has working tests and does what it says on the tin.

comment:14 Changed 5 years ago by Jannis Leidel

Resolution: fixed
Status: assignedclosed

In [17465]:

Fixed #159 -- Prevent the AdminSite from logging users out when they try to log in form the logout page. Many thanks, ashchristopher.

Note: See TracTickets for help on using tickets.
Back to Top