Context Navigation

Modify ↓

#9757 closed defect (fixed)

Redirect loop from /login page

Reported by:	sgifford@…	Owned by:	sgifford@…
Priority:	normal	Milestone:	0.12.2
Component:	general	Version:	0.12.1
Severity:	normal	Keywords:	patch
Cc:		Branch:
Release Notes:
API Changes:
Internal Changes:

Description

Our users like to use the "/login" page as their homepage, so they see a page asking them to log in instead of an error about not being logged in when they first connect to the system.

However, we found that when going to the login page directly and logging in successfully, Trac generates an endless loop of HTTP 302 Redirects.

I believe I can see the problem in web/auth.py, class LoginModule method _redirect_back. There after logging in we generate a redirect to the page we came from, but of course if we came from the login page we will redirect back to that.

Thanks, please let me know if more information is needed!

Attachments (0)

Change History (6)

comment:1 by sgifford@…, 15 years ago

Here is the patch we are using locally. It seems to fix the problem.

--- Trac-0.12.1/trac/web/auth.py	2010-10-09 17:37:49.000000000 -0400
+++ Trac-0.12.1-sg/trac/web/auth.py	2010-11-03 15:01:14.000000000 -0400
@@ -227,6 +227,12 @@
                 referer.startswith(req.base_url.rstrip('/')+'/')):
             # only redirect to referer if it is from the same site
             referer = None
+
+        # Detect a likely loop
+        if referer and referer == (req.base_url.rstrip('/')+req.path_info):
+            referer = None
+            
+        # Now redirect
         req.redirect(referer or req.abs_href())
 
     def _referer(self, req):

comment:2 by Remy Blank, 15 years ago

Keywords:	patch added
Milestone:	→ 0.12.2

I cannot reproduce the issue here with Firefox, and going to the /login page redirects correctly to WikiStart. This could be browser-dependent, though, and we certainly don't check for a loop, so your patch makes sense. Thanks!

And, nice idea to bookmark the /login page. I have just updated my bookmarks :)

Last edited 15 years ago by Remy Blank (previous) (diff)

comment:3 by Remy Blank, 15 years ago

Resolution:	→ fixed
Status:	new → closed

Patch applied (with a few additional .strip('/')) in [10310].

comment:4 by Remy Blank, 15 years ago

Owner:	set to sgifford@…

comment:5 by anonymous, 15 years ago

A couple of my users are also getting this redirect loop - how exactly do I fix it?

comment:6 by Christian Boos, 15 years ago

The easiest way for you to test the fix would be to install http://trac.edgewall.org/wiki/TracDownload#Tracstable, or wait a few days until we release 0.12.2rc1.

But having a confirmation of the fix would be nice ;-)

Modify Ticket

Change Properties

Summary:
Description:	Our users like to use the "/login" page as their homepage, so they see a page asking them to log in instead of an error about not being logged in when they first connect to the system. However, we found that when going to the login page directly and logging in successfully, Trac generates an endless loop of HTTP 302 Redirects. I believe I can see the problem in `web/auth.py`, class `LoginModule` method `_redirect_back`. There after logging in we generate a redirect to the page we came from, but of course if we came from the login page we will redirect back to that. Thanks, please let me know if more information is needed! You may use WikiFormatting here.
Type:		Priority:
Milestone:		Component:
Version:		Severity:
Keywords:		Cc:	Set your email in Preferences
Branch:
Release Notes:
API Changes:
Internal Changes:

Action

leave as closed The owner will remain sgifford@….

reopen The resolution will be deleted. Next status will be 'reopened'.

change ownership to The owner will be changed from sgifford@… to the specified user.

Add Comment

Your email or username:

E-mail address and name can be saved in the Preferences .

You may use WikiFormatting here.

Attachments ↑ Description ↑

Note: See TracTickets for help on using tickets.

Download in other formats: