Red Hat Bugzilla – Bug 995908
Submitting a form after session expiration may result in an invalid redirect
Last modified: 2015-05-14 21:29:42 EDT
When attempting to submit a form after the session has timed out (due to the auth token being deleted, for example), the redirect for logout logic will attempt to use the submitted page url to redirect to after login. However, some common form POST urls have no GET equivalent, which causes the user to get sent to a non-existent page.
The logout logic should adjust the "then" parameter to ensure that the url is reachable via GET. We probably don't want to get too complex (i.e. store the post as a cookie..), but we need to ensure the user can return to their page.
Pull request: https://github.com/openshift/li/pull/1887
Commits pushed to master at https://github.com/openshift/li
Bug 995908 - simpler strategy
Tested on devenv_3776, user will redirect to logged out page when submitting forms if session is expired, so verify this bug, thanks.