#4515 closed defect (worksforme)
Unexpected login behaviour
Reported by: | | Owned by: | Jonas Borgström |
---|---|---|---|
Priority: | low | Milestone: | |
Component: | general | Version: | 0.10.2 |
Severity: | trivial | Keywords: | login navigation priveleges |
Cc: | | Branch: | |
Release Notes: | | | |
API Changes: | | | |
Internal Changes: | | | |
Description
If you navigate to any page in Trac whilst logged in that 'anonymous' does not have privileges to view (such as browse source) and then click the logout link, you get the message
'FORBIDDEN - BROWSER_VIEW privileges are required to perform this operation'
whereas you would expect to be forwarded back to the homepage or something.
Note - I have tracaccountmanager, tracwebadmin and webadminusers plugins installed using HtDigest Auth on Apache 2.0 with mod_python front, if it makes any difference.
Attachments (0)
Change History (3)
comment:1 by , 18 years ago
comment:2 by , 18 years ago
Keywords: | navigation added; navigate removed |
---|
comment:3 by , 16 years ago
Milestone: | 0.10.6 |
---|---|
Resolution: | → worksforme |
Status: | new → closed |
In 0.11, such messages are a bit more user friendly, even prompting the user to log in if not already done.
I think it's "good enough" and better than to arbitrarily redirect to the home page. If someone has additional improvement suggestions (and preferably a patch), then please reopen.
I see this too. For us, users click logout and think their logout failed because they see "Forbidden".
I think instead of just saying 'Forbidden', it should say "Access to page Some-Protected-Page forbidden (you are not logged in)". If the user is logged in but doesn't have permission, that last part should say "(you are logged in, but don't have TRAC_PRIVILEDGE_NAME privileges)".
The worst part of the current behavior is that the reason given for the page viewing being forbidden is something like: "TICKET_VIEW privileges are required to perform this operation". The new user sees this after clicking logout, and interprets "perform this operation" to mean "logout" instead of "view page".
Related: See http://trac-hacks.org/ticket/671 and http://trac-hacks.org/ticket/1204