Login URL forwarding

This issue is presumably a user-experience problem only. It can be reproduced at https://demo.jmix.io/bookstore.
Many of our users, when given the above URL, would open it and then set a bookmark for future reference.

Now when you open the above URL you get forwarded to https://demo.jmix.io/bookstore/login - so the “/login” would be in the bookmark, too.

Whenever you now open the bookmark you will get to the login page, even if you are logged in already. If you use tabs in your browser this can lead to irritation, since the older tab does not update the user-info. It uses the new credentials mind you, but our users reported false data on the older tab due to the wrong user-info.

I think it would lead to some unclosed sessions if a user frequently changes his login. Is that a security risk?

I believe that earlier versions did forward to https://demo.jmix.io/bookstore/#login . The # in the URL led to the start page if you were already logged in, and to the login page if you weren’t.

That would still be the desired behaviour. Could you fix that?

Thank you

Hi,

Thank you for reporting the problem, I’ve created a GitHub issue.

As a workaround, add the following to the LoginView:

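@Autowired
private CurrentAuthentication currentAuthentication;

@Override
public void beforeEnter(BeforeEnterEvent event) {
    // Anything other than an anonymous token means the user is already logged in.
    if (!(currentAuthentication.getAuthentication() instanceof AnonymousAuthenticationToken)) {
        // Send the authenticated user to the root route instead of showing the login form.
        event.rerouteTo("");
        return;
    }

    // Anonymous user: continue with the normal login view handling.
    super.beforeEnter(event);
}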

Regards,
Gleb
