Project

General

Profile

Actions
Copy link

Bug #105539

open

Confusing login form behavior when user is already logged in

Added by Jan Kornblum 2 days ago. Updated 2 days ago.

Status:
New
Priority:
Should have
Assignee:
-
Category:
felogin
Target version:
Candidate for patchlevel
Start date:
2024-11-04
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
12
PHP Version:
8.3
Tags:
felogin, login, error, simultaneous, existing, session
Complexity:
Is Regression:
Sprint Focus:

Description

The login form behavior is very confusing when trying to login, although the user os already logged in (another browser tab). Steps to reproduce:

  1. Show login form in browser tab 1
  2. Show login form in browser tab 2
  3. Perform valid login in tab 1
  4. Submit the login form in tab 2 (using valid or invalid credentials doesn’t matter regarding the behavior)

This results in a „login error occurred“ for tab 2, and this „attempt“ is also tracked by the rate limiter. This is very confusing. This behavior should be changed in one of the following ways:

  • in login controller „login“ action, automatically redirect to „overview“ action when user is already logged in but submits the form again (totally ignore the new credentials)
  • change user authentication middleware, perform a logout followed by a login using the new credentials
Actions
Copy link
 #1

Updated by Jan Kornblum 2 days ago

  • Description updated (diff)
Actions
Copy link
 #2

Updated by Jan Kornblum 2 days ago

  • Description updated (diff)
Actions
Copy link

Also available in: Atom PDF