Project

General

Profile

Bug #105539

Updated by Jan Kornblum 2 days ago

The login form behavior is very confusing when trying to login, although the user os already logged in (another    browser tab). Steps to reproduce: 

 # Show login form in browser tab 1 
 # Show login form in browser tab 2 
 # Perform valid login in tab 1 
 # Submit the login form in tab 2 (using valid or invalid credentials doesn’t matter regarding the behavior) 

 This results in a „login error occurred“ for tab 2, and this „attempt“ is also tracked by the rate limiter. 2. This is very confusing. This behavior should be changed in one of the following ways: 

 * in login controller „login“ action, automatically redirect to „overview“ action when user is already logged in but submits the form again (totally ignore the new credentials) 
 * change user authentication middleware, perform a logout followed by a login using the new credentials

Back