Opened 12 years ago

Closed 5 years ago

#159 closed Bug (fixed)

Circular logout problem

Reported by: Manuzhai Owned by: Ash Christopher
Component: contrib.admin Version:
Severity: Normal Keywords: admin logout
Cc: Ash Christopher Triage Stage: Ready for checkin
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

When a not-logged-in user goes to /admin/logout/, they get a login form. When they subsequently log in, they're logged out again. This is probably not desirable behavior; it's very confusing when it happens.

I'm not sure what the correct behavior would be: probably say that the user is already logged out instead of showing a login form, though (with a link to the login form, which could just be /admin/).

Attachments (2)

ticket159.diff (2.5 KB) - added by Ash Christopher 6 years ago.
Needs review, but couldn't think of a nicer way without major changes to the admin views.
ticket-159-circular-logout.patch (2.7 KB) - added by Ash Christopher 5 years ago.
New patch for ticket.

Download all attachments as: .zip

Change History (16)

comment:1 Changed 10 years ago by Paul Bx <pb@…>

Resolution: fixed
Status: newclosed

Problem no longer exists.

comment:2 Changed 6 years ago by Ash Christopher

Easy pickings: unset
Resolution: fixed
Status: closedreopened
UI/UX: unset

comment:3 Changed 6 years ago by Ash Christopher

Cc: Ash Christopher added
Keywords: admin logout added
Severity: normalNormal
Triage Stage: AcceptedUnreviewed
Type: defectBug

Don't know when it was re-introduced, but tested using r16730 and this problem exists.

To recreate:

1. Log into the admin.

2. Log out of the admin.

You should see a special logout screen that says "Thanks for spending some quality time with the Web site today." Notice that the URL is still set to /admin/logout/.

3. Refresh browser.

You will now get the normal admin login screen. Notice that the url is still set to /admin/logout/.

4. Log back into the admin.

Notice that you are sent to the "Thanks for spending some quality time with the Web site today." screen.

Last edited 6 years ago by Ash Christopher (previous) (diff)

comment:4 Changed 6 years ago by wim@…

ashchristopher, I can confirm the same behaviour in Django 1.3 . Are you on this bug now? If so, can you claim it?

comment:5 Changed 6 years ago by Alex Gaynor

Triage Stage: UnreviewedAccepted

Was able to reproduce.

comment:6 in reply to:  4 Changed 6 years ago by Ash Christopher

Replying to wim@…:

ashchristopher, I can confirm the same behaviour in Django 1.3 . Are you on this bug now? If so, can you claim it?

Not on it yet. Already working on ticket. Will claim in the future if not already claimed.

Version 0, edited 6 years ago by Ash Christopher (next)

comment:7 Changed 6 years ago by Ash Christopher

Adrian -- I have some time to take a look at this ticket if you would like.

comment:8 Changed 6 years ago by Ash Christopher

Owner: changed from Adrian Holovaty to Ash Christopher
Status: reopenednew

Changed 6 years ago by Ash Christopher

Attachment: ticket159.diff added

Needs review, but couldn't think of a nicer way without major changes to the admin views.

comment:9 Changed 6 years ago by Ash Christopher

Has patch: set
Status: newassigned

comment:10 Changed 5 years ago by Jonas Obrist

Patch looks okay, but how about just redirecting to admin:index when the user does not have perms and is on admin:logout?

comment:11 in reply to:  10 ; Changed 5 years ago by Ash Christopher

Replying to ojii:

Patch looks okay, but how about just redirecting to admin:index when the user does not have perms and is on admin:logout?

Sorry - not quite sure I understand what you mean.

comment:12 in reply to:  11 Changed 5 years ago by Jonas Obrist

Replying to ashchristopher:

Replying to ojii:

Patch looks okay, but how about just redirecting to admin:index when the user does not have perms and is on admin:logout?

Sorry - not quite sure I understand what you mean.

In https://code.djangoproject.com/attachment/ticket/159/ticket159.diff in contrib/admin/sites.py:193 you set the REDIRECT_FIELD_NAME in extra_context, I propose return a HttpResponseRedirect to admin:index, which will then handle the login part anyway.

Changed 5 years ago by Ash Christopher

New patch for ticket.

comment:13 Changed 5 years ago by Tomek Paczkowski

Triage Stage: AcceptedReady for checkin

Patch looks good: has working tests and does what it says on the tin.

comment:14 Changed 5 years ago by Jannis Leidel

Resolution: fixed
Status: assignedclosed

In [17465]:

Fixed #159 -- Prevent the AdminSite from logging users out when they try to log in form the logout page. Many thanks, ashchristopher.

Note: See TracTickets for help on using tickets.
Back to Top