Bug 995908 - Submitting a form after session expiration may result in an invalid redirect
Status: CLOSED CURRENTRELEASE
Product: OpenShift Online
Classification: Red Hat
Component: Website
2.x
Unspecified Unspecified
unspecified Severity medium
Assigned To: Fabiano Franz
libra bugs
Reported: 2013-08-11 20:26 EDT by Clayton Coleman
Modified: 2015-05-14 21:29 EDT
Doc Type: Bug Fix
Last Closed: 2013-09-19 12:47:14 EDT
Type: Bug
Description Clayton Coleman 2013-08-11 20:26:29 EDT
When attempting to submit a form after the session has timed out (due to the auth token being deleted, for example), the redirect for logout logic will attempt to use the submitted page URL to redirect to after login. However, some common form POST URLs have no GET equivalent, which causes the user to get sent to a non-existent page.

The logout logic should adjust the "then" parameter to ensure that the URL is reachable via GET. We probably don't want to get too complex (i.e. store the post as a cookie...), but we need to ensure the user can return to their page.
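
One way to choose a GET-reachable value for the "then" parameter, as an added example that is not part of the bug report and is not the code from the linked pull request. The helper names (`then_param`, `local_path`), the fallback path and the sample URLs are assumptions; the example also goes one step beyond the report by only accepting same-host paths, so the parameter cannot be used to send the user to another site.

```ruby
require 'uri'

# Hypothetical helper, not OpenShift code: pick the value of the "then"
# parameter when an expired session forces a redirect to the login page.
DEFAULT_RETURN_PATH = '/' # assumed fallback landing page

# Returns the path (plus query) of +url+ only when it is a local path or an
# http(s) URL on +host+; returns nil for anything else.
def local_path(url, host)
  return nil if url.nil? || url.empty?
  uri = URI.parse(url)
  return nil if uri.host && uri.host != host
  return nil if uri.scheme && !%w[http https].include?(uri.scheme)
  path = uri.path.to_s
  # Reject protocol-relative ("//host") and backslash variants.
  return nil unless path.start_with?('/') && !path.start_with?('//') && !path.include?('\\')
  uri.query ? "#{path}?#{uri.query}" : path
rescue URI::InvalidURIError
  nil
end

# method:  HTTP verb of the request that hit the expired session
# url:     URL of that request
# referer: Referer header, i.e. the page that held the form (may be nil)
def then_param(method:, url:, referer:, host:)
  if %w[GET HEAD].include?(method.to_s.upcase)
    local_path(url, host) || DEFAULT_RETURN_PATH
  else
    # A POST/PUT/DELETE target may have no GET route, so return to the
    # page the form was submitted from instead of the submitted URL.
    local_path(referer, host) || DEFAULT_RETURN_PATH
  end
end
```
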
Comment 1 Fabiano Franz 2013-09-11 12:57:02 EDT
Pull request: https://github.com/openshift/li/pull/1887
Comment 3 Yujie Zhang 2013-09-11 23:40:28 EDT
Tested on devenv_3776: the user is redirected to the logged-out page when submitting forms if the session is expired, so I am verifying this bug. Thanks.