Code

Opened 9 years ago

Closed 2 years ago

#159 closed Bug (fixed)

Circular logout problem

Reported by: Manuzhai Owned by: ashchristopher
Component: contrib.admin Version:
Severity: Normal Keywords: admin logout
Cc: ashchristopher Triage Stage: Ready for checkin
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

When a not-logged-in user goes to /admin/logout/, they get a login form. When they subsequently log in, they're logged out again. This is probably not desirable behavior; it's very confusing when it happens.

I'm not sure what the correct behavior would be: probably say that the user is already logged out instead of showing a login form, though (with a link to the login form, which could just be /admin/).

Attachments (2)

ticket159.diff (2.5 KB) - added by ashchristopher 3 years ago.
Needs review, but couldn't think of a nicer way without major changes to the admin views.
ticket-159-circular-logout.patch (2.7 KB) - added by ashchristopher 3 years ago.
New patch for ticket.

Download all attachments as: .zip

Change History (16)

comment:1 Changed 7 years ago by Paul Bx <pb@…>

  • Resolution set to fixed
  • Status changed from new to closed

Problem no longer exists.

comment:2 Changed 3 years ago by ashchristopher

  • Easy pickings unset
  • Resolution fixed deleted
  • Status changed from closed to reopened
  • UI/UX unset

comment:3 Changed 3 years ago by ashchristopher

  • Cc ashchristopher added
  • Keywords admin logout added
  • Severity changed from normal to Normal
  • Triage Stage changed from Accepted to Unreviewed
  • Type changed from defect to Bug

Don't know when it was re-introduced, but tested using r16730 and this problem exists.

To recreate:

1. Log into the admin.

2. Log out of the admin.

You should see a special logout screen that says "Thanks for spending some quality time with the Web site today." Notice that the URL is still set to /admin/logout/.

3. Refresh browser.

You will now get the normal admin login screen. Notice that the url is still set to /admin/logout/.

4. Log back into the admin.

Notice that you are sent to the "Thanks for spending some quality time with the Web site today." screen.

Last edited 3 years ago by ashchristopher (previous) (diff)

comment:4 follow-up: Changed 3 years ago by wim@…

ashchristopher, I can confirm the same behaviour in Django 1.3 . Are you on this bug now? If so, can you claim it?

comment:5 Changed 3 years ago by Alex

  • Triage Stage changed from Unreviewed to Accepted

Was able to reproduce.

comment:6 in reply to: ↑ 4 Changed 3 years ago by ashchristopher

Replying to wim@…:

ashchristopher, I can confirm the same behaviour in Django 1.3 . Are you on this bug now? If so, can you claim it?

Not on it yet. Already working on ticket. Will claim in the future if not already claimed.

Version 0, edited 3 years ago by ashchristopher (next)

comment:7 Changed 3 years ago by ashchristopher

Adrian -- I have some time to take a look at this ticket if you would like.

comment:8 Changed 3 years ago by ashchristopher

  • Owner changed from adrian to ashchristopher
  • Status changed from reopened to new

Changed 3 years ago by ashchristopher

Needs review, but couldn't think of a nicer way without major changes to the admin views.

comment:9 Changed 3 years ago by ashchristopher

  • Has patch set
  • Status changed from new to assigned

comment:10 follow-up: Changed 3 years ago by ojii

Patch looks okay, but how about just redirecting to admin:index when the user does not have perms and is on admin:logout?

comment:11 in reply to: ↑ 10 ; follow-up: Changed 3 years ago by ashchristopher

Replying to ojii:

Patch looks okay, but how about just redirecting to admin:index when the user does not have perms and is on admin:logout?

Sorry - not quite sure I understand what you mean.

comment:12 in reply to: ↑ 11 Changed 3 years ago by ojii

Replying to ashchristopher:

Replying to ojii:

Patch looks okay, but how about just redirecting to admin:index when the user does not have perms and is on admin:logout?

Sorry - not quite sure I understand what you mean.

In https://code.djangoproject.com/attachment/ticket/159/ticket159.diff in contrib/admin/sites.py:193 you set the REDIRECT_FIELD_NAME in extra_context, I propose return a HttpResponseRedirect to admin:index, which will then handle the login part anyway.

Changed 3 years ago by ashchristopher

New patch for ticket.

comment:13 Changed 2 years ago by oinopion

  • Triage Stage changed from Accepted to Ready for checkin

Patch looks good: has working tests and does what it says on the tin.

comment:14 Changed 2 years ago by jezdez

  • Resolution set to fixed
  • Status changed from assigned to closed

In [17465]:

Fixed #159 -- Prevent the AdminSite from logging users out when they try to log in form the logout page. Many thanks, ashchristopher.

Add Comment

Modify Ticket

Change Properties
<Author field>
Action
as closed
as The resolution will be set. Next status will be 'closed'
The resolution will be deleted. Next status will be 'new'
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.