Refreshing the wiki page immediately after logging in returns and error
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Moin OpenID module |
Fix Released
|
Medium
|
Stuart Metcalfe |
Bug Description
Reloading the wiki page immediately after successfully logging into the wiki, using OpenID, returns an error "OpenID error: Nonce already used or out of range." The user is also then logged out.
This occurs because the OpenID authentication is resubmitted, which is an obvious error as the nonce has been used already (replay attack prevention). However, this is not obvious to a user who just expects the page to refresh.
Steps to reproduce:
1. Ensure you're logged out of an OpenID auth enabled wiki.
2. Click 'Login' link on the wiki.
3. Click 'Sign In' on the Launchpad OpenID login page.
4. Once redirected back to the wiki, click 'Refresh'.
5. Observe the above error message.
6. Also notice that you are no longer logged in.
Changed in canonical-bis-openid: | |
status: | New → Fix Committed |
affects: | canonical-bis-openid → moin-openid |
Changed in moin-openid: | |
status: | Fix Committed → Fix Released |
Grabbing this while I'm working on related code