Actions
Bug #105539
openConfusing login form behavior when user is already logged in
Start date:
2024-11-04
Due date:
% Done:
0%
Estimated time:
TYPO3 Version:
12
PHP Version:
8.3
Tags:
felogin, login, error, simultaneous, existing, session
Complexity:
Is Regression:
Sprint Focus:
Description
The login form behavior is very confusing when trying to login, although the user os already logged in (another browser tab). Steps to reproduce:
- Show login form in browser tab 1
- Show login form in browser tab 2
- Perform valid login in tab 1
- Submit the login form in tab 2 (using valid or invalid credentials doesn’t matter regarding the behavior)
This results in a „login error occurred“ for tab 2, and this „attempt“ is also tracked by the rate limiter. This is very confusing. This behavior should be changed in one of the following ways:
- in login controller „login“ action, automatically redirect to „overview“ action when user is already logged in but submits the form again (totally ignore the new credentials)
- change user authentication middleware, perform a logout followed by a login using the new credentials
Actions