Edgewall Software
Modify

Opened 4 years ago

Closed 4 years ago

Last modified 4 years ago

#9757 closed defect (fixed)

Redirect loop from /login page

Reported by: sgifford@… Owned by: sgifford@…
Priority: normal Milestone: 0.12.2
Component: general Version: 0.12.1
Severity: normal Keywords: patch
Cc:
Release Notes:
API Changes:

Description

Our users like to use the "/login" page as their homepage, so they see a page asking them to log in instead of an error about not being logged in when they first connect to the system.

However, we found that when going to the login page directly and logging in successfully, Trac generates an endless loop of HTTP 302 Redirects.

I believe I can see the problem in web/auth.py, class LoginModule method _redirect_back. There after logging in we generate a redirect to the page we came from, but of course if we came from the login page we will redirect back to that.

Thanks, please let me know if more information is needed!

Attachments (0)

Change History (6)

comment:1 Changed 4 years ago by sgifford@…

Here is the patch we are using locally. It seems to fix the problem.

--- Trac-0.12.1/trac/web/auth.py	2010-10-09 17:37:49.000000000 -0400
+++ Trac-0.12.1-sg/trac/web/auth.py	2010-11-03 15:01:14.000000000 -0400
@@ -227,6 +227,12 @@
                 referer.startswith(req.base_url.rstrip('/')+'/')):
             # only redirect to referer if it is from the same site
             referer = None
+
+        # Detect a likely loop
+        if referer and referer == (req.base_url.rstrip('/')+req.path_info):
+            referer = None
+            
+        # Now redirect
         req.redirect(referer or req.abs_href())
 
     def _referer(self, req):

comment:2 Changed 4 years ago by rblank

  • Keywords patch added
  • Milestone set to 0.12.2

I cannot reproduce the issue here with Firefox, and going to the /login page redirects correctly to WikiStart. This could be browser-dependent, though, and we certainly don't check for a loop, so your patch makes sense. Thanks!

And, nice idea to bookmark the /login page. I have just updated my bookmarks :)

Last edited 4 years ago by rblank (previous) (diff)

comment:3 Changed 4 years ago by rblank

  • Resolution set to fixed
  • Status changed from new to closed

Patch applied (with a few additional .strip('/')) in [10310].

comment:4 Changed 4 years ago by rblank

  • Owner set to sgifford@…

comment:5 Changed 4 years ago by anonymous

A couple of my users are also getting this redirect loop - how exactly do I fix it?

comment:6 Changed 4 years ago by cboos

The easiest way for you to test the fix would be to install http://trac.edgewall.org/wiki/TracDownload#Tracstable, or wait a few days until we release 0.12.2rc1.

But having a confirmation of the fix would be nice ;-)

Modify Ticket

Change Properties
Set your email in Preferences
Action
as closed The owner will remain sgifford@….
The resolution will be deleted. Next status will be 'reopened'.
to The owner will be changed from sgifford@… to the specified user.

Add Comment


E-mail address and name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.