Description of problem:
Login from Logout.do page fails

Version-Release number of selected component (if applicable):
I think I first found this on rhn400 but don't know about versions before this. rhn410 looks to still be vulnerable, but users may not ever find out on rhn410 as when a user clicks on "logout" they are redirected to the "Login.do" page, and never actually go to the "Logout.do" page. But you can still type in Logout.do manually and try to login and fail.

How reproducible:
Every time

Steps to Reproduce:
1. go to Logout.do page
2. try logging in and it will redirect you to the login page and not log you in (tested many times using saved password account as well as other accounts I got people to test)

In rhn400 people might
1. login
2. "sign out" which will redirect you to "Logout.do" page
3. login from this page will fail and redirect you to Login.do page
4. login will then work

In rhn410 people might
1. login
2. "sign up" which will redirect you to "Login.do" from which logins will work

However if users manually type in "Logout.do" or have a bookmark and try logging in, this will also fail.

Actual results:
Login from "Logout.do" page fails

Expected results:
Login from "Logout.do" page should work

Additional info:
I don't know if this is it, but the source of the html (as publicly seen from the client side) has:

Logout.do page has:
<form id="loginForm" method="post" action="/rhn/ReLoginSubmit.do">

Login.do page has:
<form id="loginForm" method="post" action="/rhn/LoginSubmit.do">
Sending code/webapp/WEB-INF/pages/common/relogin.jsp
Transmitting file data .
Committed revision 135987.
Reverted the previous commit, which removed "url_bounce" from relogin.jsp; this fixed the Logout.do problem described here, but it also broke the functionality of having a relogin automatically go to the intended page.
I believe this is what's happening with the described problem.

Scenario #1
1) User is logged in
2) User goes to URL "/rhn/Logout.do"
3) User is logged out and brought to a login prompt
4) User enters login info and Login is successful

Scenario #2
1) User is logged out
2) User goes to URL "/rhn/Logout.do"
   Note: Viewing HTML source will show that form variable "url_bounce=/rhn/Logout.do"
3) User enters login info
4) Login is successful, yet user doesn't see this since "LoginAction" sends a response.redirect(url_bounce), which for this case means user is brought back to Logout.do, which will log the user out and redisplay a login prompt.
5) Login prompt is displayed.
   Note: form var url_bounce is now set to "/rhn"
6) User types login info and is brought to YourRHN
Added a special case, so when url_bounce = Logout.do, it will forward to YourRHN and not continue with an immediate Logout.

Sending com/redhat/rhn/frontend/action/LoginAction.java
Transmitting file data .
Committed revision 136071.
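
Added example, not part of the comment above and not the project's LoginAction code: one way to choose the post-login redirect from the client-supplied url_bounce field so that the Scenario #2 loop cannot occur. It goes beyond the single special case by also ignoring path parameters and percent-encoding when matching Logout.do, and by accepting only site-local paths. The class name, resolve(), the "/rhn" default and the sample values are assumptions made for illustration.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Set;

public class BounceTarget {
    // Assumptions: "/rhn" is the post-login default (the value url_bounce takes in
    // Scenario #2, step 5) and Logout.do is the only session-ending action.
    static final String DEFAULT_TARGET = "/rhn";
    static final Set<String> SESSION_ENDING = Set.of("/rhn/Logout.do");

    /** Returns a safe post-login redirect path for a client-supplied url_bounce. */
    static String resolve(String urlBounce) {
        if (urlBounce == null || urlBounce.isBlank()) {
            return DEFAULT_TARGET;
        }
        URI uri;
        try {
            uri = new URI(urlBounce.trim()).normalize(); // collapses "./" and "../"
        } catch (URISyntaxException e) {
            return DEFAULT_TARGET; // e.g. backslashes or spaces in the value
        }
        // Only site-local paths: no scheme ("http:", "javascript:") and no
        // authority ("//other.example/...").
        String path = uri.getPath(); // percent-decoded, so %2E cannot hide "."
        if (uri.isAbsolute() || uri.getRawAuthority() != null
                || path == null || !path.startsWith("/")) {
            return DEFAULT_TARGET;
        }
        // Ignore path parameters such as ";jsessionid=..." when comparing.
        int semi = path.indexOf(';');
        String action = semi >= 0 ? path.substring(0, semi) : path;
        if (SESSION_ENDING.contains(action)) {
            return DEFAULT_TARGET; // the loop from Scenario #2: login, then instant logout
        }
        String query = uri.getRawQuery();
        return query == null ? uri.getRawPath() : uri.getRawPath() + "?" + query;
    }

    public static void main(String[] args) {
        // Constructed sample values, not taken from the product.
        String[] samples = { "/rhn/Logout.do", "/rhn/./Logout.do;jsessionid=x",
            "/rhn/Logout%2Edo", "//other.example/rhn", "/rhn/systems/Overview.do?sid=1" };
        for (String s : samples) {
            System.out.println(s + " -> " + resolve(s));
        }
    }
}
```

The first four sample values resolve to "/rhn"; only the last, a site-local path that does not end the session, is returned unchanged.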
verified build 84
5.1 Sat GA so Closed for Current Release.