Forbidden Credentials Screen to Login Form does not clear session or logoff
Bug #369958 reported by Anthony
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
KARL3 | Fix Released | Medium | Chris McDonough |
Bug Description
When I attempt to view a restricted (private) page as 'user 1' who should not have access to the page, I get the Forbidden Credential screen which is correct. Next, I click on the link to visit the 'Login Form'. I log in as 'user 2' who has access to the restricted page. However, after attempting to log in as 'user 2', I am still logged in as 'user 1'. The session is not cleared and a logoff of user 1 has not taken place.
Changed in karl3:
assignee: nobody → Paul Everitt (paul-agendaless)
milestone: none → m12
Changed in karl3:
importance: Undecided → Medium
Changed in karl3:
assignee: Shane Hathaway (shane-hathawaymix) → Chris McDonough (chrism-plope)
Changed in karl3:
status: Fix Committed → Fix Released
Notes for Shane
===============
- It's true, clicking on the link on the Forbidden screen takes you to
login, but logging in there never actually logs you out. If you
visit logout first, then all is good. Perhaps forbidden.pt (and
forbidden.py) should be changed to point at the logout_url instead
of login_form_url.
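
The reported flow, the logout-first workaround from the note above, and a login handler that always drops the previous identity, as an added example that is not KARL's code. It is a toy in-memory session model: the `App` class, the sample accounts and the reason the old identity survives (login keeps an existing session) are assumptions made for illustration.

```python
import secrets

USERS = {"user1": "pw1", "user2": "pw2"}   # constructed sample accounts
ACL = {"/private": {"user2"}}              # only user2 may view the page


class App:
    """Hypothetical session-based app; not the KARL implementation."""

    def __init__(self, reset_on_login):
        self.reset_on_login = reset_on_login
        self.sessions = {}  # session id -> authenticated userid

    def login(self, sid, userid, password):
        """Return the session id the client holds after the login POST."""
        if USERS.get(userid) != password:
            return sid
        if sid in self.sessions and not self.reset_on_login:
            # Assumed cause of the reported behaviour: the identity that is
            # already bound to the session wins over the new credentials.
            return sid
        self.sessions.pop(sid, None)      # log off whoever was there before
        new_sid = secrets.token_hex(16)   # fresh id, nothing carried over
        self.sessions[new_sid] = userid
        return new_sid

    def logout(self, sid):
        self.sessions.pop(sid, None)

    def view(self, sid, path):
        """Return (status, userid) for a request to a protected path."""
        user = self.sessions.get(sid)
        if user in ACL.get(path, set()):
            return 200, user
        return 403, user


def forbidden_then_login(app, via_logout):
    """user1 hits the Forbidden screen, then user2 logs in on the same client."""
    sid = app.login(None, "user1", "pw1")
    assert app.view(sid, "/private")[0] == 403   # Forbidden screen, as expected
    if via_logout:
        app.logout(sid)   # Forbidden screen links to logout first
    sid = app.login(sid, "user2", "pw2")
    return app.view(sid, "/private")


if __name__ == "__main__":
    print("reported flow:     ", forbidden_then_login(App(False), False))
    print("logout first:      ", forbidden_then_login(App(False), True))
    print("login resets state:", forbidden_then_login(App(True), False))
```

Resetting inside the login handler covers every path to the login form, while linking the Forbidden screen to logout only covers that one link.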