Edgewall Software

Opened 18 years ago

Closed 16 years ago

Last modified 9 years ago

#4515 closed defect (worksforme)

Unexpected login behaviour

Reported by: a.rodger@…
Owned by: Jonas Borgström
Priority: low
Milestone:
Component: general
Version: 0.10.2
Severity: trivial
Keywords: login navigation priveleges
Cc:
Branch:
Release Notes:
API Changes:
Internal Changes:

Description

If you navigate to any page in Trac whilst logged in that 'anonymous' does not have privileges to view (such as browse source) and then click the logout link, you get the message

'FORBIDDEN - BROWSER_VIEW privileges are required to perform this operation'

whereas you would expect to be forwarded back to the homepage or something

Note - I have tracaccountmanager, tracwebadmin and webadminusers plugins installed using HtDigest Auth on Apache 2.0 with mod_python front if it makes any difference

Attachments (0)

Change History (3)

comment:1 by weltepe@…, 18 years ago

I see this too. For us, users click logout and think their logout failed because they see "Forbidden".

I think instead of just saying 'Forbidden', it should say "Access to page Some-Protected-Page forbidden (you are not logged in)". If the user is logged in but doesn't have permission, that last part should say "(you are logged in, but don't have TRAC_PRIVILEDGE_NAME privileges)".

The worst part of the current behavior is that the reason given for the page viewing being forbidden is something like: "TICKET_VIEW privileges are required to perform this operation". The new user sees this after clicking logout, and interprets "perform this operation" to mean "logout" instead of "view page".

Related: See http://trac-hacks.org/ticket/671 and http://trac-hacks.org/ticket/1204

comment:2 by Christian Boos, 18 years ago

Keywords: navigation added; navigate removed

comment:3 by Christian Boos, 16 years ago

Milestone: 0.10.6
Resolution: worksforme
Status: new → closed

In 0.11, such messages are a bit more user friendly, even prompting the user to log in if not already done.

I think it's "good enough" and better than to arbitrarily redirect to the home page. If someone has additional improvement suggestions (and preferably a patch), then please reopen.
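
An added example, not part of the ticket or of Trac's code: a self-contained Python model of the two behaviours discussed above, choosing a post-logout destination that 'anonymous' can actually view, and wording the denial as comment:1 proposes. The path-to-permission table, the function names and the example.org URLs are assumptions.

```python
from urllib.parse import urlsplit

# Constructed mapping of URL path prefixes to the permission needed to view
# them. BROWSER_VIEW and TICKET_VIEW are the names quoted in the ticket; the
# table itself is an assumption for illustration.
REQUIRED = {"/browser": "BROWSER_VIEW", "/ticket": "TICKET_VIEW", "/wiki": "WIKI_VIEW"}


def required_permission(path):
    """Return the permission guarding `path`, or None if it is unguarded."""
    for prefix, perm in REQUIRED.items():
        if path == prefix or path.startswith(prefix + "/"):
            return perm
    return None


def post_logout_target(referer, base_url, anonymous_perms):
    """Pick where to send the browser after logout.

    Go back to the referring page only if it belongs to this site and
    'anonymous' may view it; otherwise fall back to the site's front page.
    """
    base, ref = urlsplit(base_url), urlsplit(referer or "")
    base_path = base.path.rstrip("/")
    same_site = (ref.scheme, ref.netloc) == (base.scheme, base.netloc)
    if not same_site or not (ref.path + "/").startswith(base_path + "/"):
        return base_url
    # Strip the site prefix so the path can be matched against REQUIRED.
    perm = required_permission(ref.path[len(base_path):] or "/")
    if perm is not None and perm not in anonymous_perms:
        return base_url
    return referer


def forbidden_message(user, perm, page):
    """Word the denial as comment:1 proposes: name the page and the login state."""
    if user == "anonymous":
        return f"Access to page {page} forbidden (you are not logged in)"
    return (f"Access to page {page} forbidden "
            f"(you are logged in, but don't have {perm} privileges)")
```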
