Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Login page does not check if a user is logged in #5441

Open
Dimitar5555 opened this issue Dec 24, 2024 · 4 comments
Open

Login page does not check if a user is logged in #5441

Dimitar5555 opened this issue Dec 24, 2024 · 4 comments

Comments

@Dimitar5555
Copy link
Contributor

URL

https://www.openstreetmap.org/login?referer=%2Fedit%3Frelation%3D15090094#map=19/33.411025/-114.923289

How to reproduce the issue?

  1. Open osm.org in a container that is not normally used for osm.org (i.e. you are not logged in there)
  2. Press "Edit" (you are redirected to the login page, some referrer value is added to the URL)
  3. Change the container of the tab (right click tab -> "Open in new container tab" -> select the container where you are logged into OSM)
  4. The login page is displayed even though you are logged in

The expected behavior would be to check if the user is logged in already and if he is, redirect him to the referer or to the main page.

The bug appears in Firefox when using multi-account-containers. I don't know if it's reproducible in other browsers.

Screenshot(s) or anything else?

image
@AntonKhorev
Copy link
Collaborator

It works as expected as long as we're allowing using the login page without logging out first.

@tomhughes
Copy link
Member

Quite this is behaving as intended but the user has changed context behind the site's back - the page was rendered in one context with a set of cookies that indicated the user is logged in and the user then switched to a different context with different cookies which is not really a supported thing to do.

Being able to go to the login page without having to logout first is actually quite useful for administrators so I'm reluctant to get rid of that to support this one extremely obscure use case.

@AntonKhorev
Copy link
Collaborator

We can add a message to the login page that you're already logged in. And if there's a referrer, we can add a link to that page.

@Dimitar5555
Copy link
Contributor Author

We can add a message to the login page that you're already logged in. And if there's a referrer, we can add a link to that page.

That is a good solution, given the fact the current behavior is useful to some people.

Quite this is behaving as intended but the user has changed context behind the site's back - the page was rendered in one context with a set of cookies that indicated the user is logged in and the user then switched to a different context with different cookies which is not really a supported thing to do.

Just for the record, the change is not "behind the site's back". When switching containers, a new tab is opened and the page is loaded again.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@tomhughes @AntonKhorev @Dimitar5555