Project

General

Profile

Actions

Bug #105539

open

Confusing login form behavior when user is already logged in

Added by Jan Kornblum about 1 month ago. Updated about 1 month ago.

Status:
New
Priority:
Should have
Assignee:
-
Category:
felogin
Start date:
2024-11-04
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
12
PHP Version:
8.3
Tags:
felogin, login, error, simultaneous, existing, session
Complexity:
Is Regression:
Sprint Focus:

Description

The login form behavior is very confusing when trying to login, although the user os already logged in (another browser tab). Steps to reproduce:

  1. Show login form in browser tab 1
  2. Show login form in browser tab 2
  3. Perform valid login in tab 1
  4. Submit the login form in tab 2 (using valid or invalid credentials doesn’t matter regarding the behavior)

This results in a „login error occurred“ for tab 2, and this „attempt“ is also tracked by the rate limiter. This is very confusing. This behavior should be changed in one of the following ways:

  • in login controller „login“ action, automatically redirect to „overview“ action when user is already logged in but submits the form again (totally ignore the new credentials)
  • change user authentication middleware, perform a logout followed by a login using the new credentials
Actions #1

Updated by Jan Kornblum about 1 month ago

  • Description updated (diff)
Actions #2

Updated by Jan Kornblum about 1 month ago

  • Description updated (diff)
Actions

Also available in: Atom PDF