Bug 995908

Summary: Submitting a form after session expiration may result in an invalid redirect
Product: OpenShift Online
Reporter: Clayton Coleman <ccoleman>
Component: Website
Assignee: Fabiano Franz <ffranz>
Status: CLOSED CURRENTRELEASE
QA Contact: libra bugs <libra-bugs>
Severity: medium
Priority: unspecified
Version: 2.x
CC: ffranz, tfeng, wsun, xtian, yujzhang
Hardware: Unspecified
OS: Unspecified
Doc Type: Bug Fix
Last Closed: 2013-09-19 16:47:14 UTC
Type: Bug

Description Clayton Coleman 2013-08-12 00:26:29 UTC
When attempting to submit a form after the session has timed out (due to the auth token being deleted, for example), the redirect for logout logic will attempt to use the submitted page url to redirect to after login.  However, some common form POST urls have no GET equivalent, which causes the user to get sent to a non-existent page.

The logout logic should adjust the "then" parameter to ensure that the url is reachable via GET.  We probably don't want to get too complex (i.e. store the post as a cookie..), but we need to ensure the user can return to their page.
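
One way the logout logic could pick a GET-reachable "then" value, as an added example (not the code from the pull request): keep the request path for GET requests, otherwise fall back to the same-host Referer (the page that displayed the form) or a default page. The `/login` route, the `/` default, the helper names and the sample URLs used to exercise it are assumptions.

```ruby
require "uri"

DEFAULT_RETURN = "/"      # assumed landing page
LOGIN_PATH     = "/login" # assumed login route

# True only for a same-site path such as "/console/applications?page=2".
# Rejects absolute and protocol-relative URLs so "then" cannot leave the site.
def local_path?(value)
  return false unless value.is_a?(String) && value.start_with?("/")
  return false if value.start_with?("//") || value.include?("\\")
  uri = URI.parse(value)
  uri.scheme.nil? && uri.host.nil?
rescue URI::InvalidURIError
  false
end

# Path and query of the Referer, but only if it points at our own host.
def local_referer(referer, host)
  return nil if referer.nil? || host.nil?
  uri = URI.parse(referer)
  return nil unless %w[http https].include?(uri.scheme)
  return nil unless uri.host.to_s.downcase == host.downcase
  path = uri.path.empty? ? "/" : uri.path
  path += "?#{uri.query}" if uri.query
  local_path?(path) ? path : nil
rescue URI::InvalidURIError
  nil
end

# Value for "then": the request path for GET/HEAD, otherwise the form page
# the user came from, otherwise the default page.
def return_path_for(method, path, referer: nil, host: nil)
  safe_get = %w[GET HEAD].include?(method.to_s.upcase)
  return path if safe_get && local_path?(path)
  local_referer(referer, host) || DEFAULT_RETURN
end

# Login URL the expired-session handler would redirect to.
def login_redirect(method, path, referer: nil, host: nil)
  target = return_path_for(method, path, referer: referer, host: host)
  "#{LOGIN_PATH}?#{URI.encode_www_form('then' => target)}"
end
```
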

Comment 1 Fabiano Franz 2013-09-11 16:57:02 UTC
Pull request: https://github.com/openshift/li/pull/1887

Comment 3 Yujie Zhang 2013-09-12 03:40:28 UTC
Tested on devenv_3776: the user is redirected to the logged-out page when submitting forms if the session is expired, so verifying this bug. Thanks.