Ticket #10974 (assigned Bug)

Opened 6 years ago

Last modified 4 years ago

Plone thinks logged in as zope user when using ajax login form after logout

Reported by: eleddy Owned by: eleddy
Priority: minor Milestone: 4.x
Component: Backend (Python) Version: 4.3
Keywords: login, CPT Cc: amleczko

Description

This is a weird scenario but I did it for whatever reason and it's recreatable. 4.0rc1 buildout.

  1. log in as user A
  2. click log out - stay on logout page
  3. instead of loggin in as user b with the login form on the page, click the login button to trigger the ajax login
  4. attempt to login as user B

An error message displays, saying "Still logged in as a Zope user", but if you go by the name at the top the login actually succeeds. Seems like this has something to do with the pull up of the login form twice. If I just use the form displayed after logout everything works fine.

To be clear, I think its the message that is wrong here and the login was actually successful.

Change History

comment:1 Changed 5 years ago by jessilfp

  • Keywords user, TuneUp, greenbelt added; user removed

comment:2 Changed 4 years ago by amleczko

  • Cc amleczko added

There is another interesting behavior.

  1. Go to Plone 404 page - ie.  http://localhost:8080/this_one_doesnt_exist
  2. Click login - overlay opens
  3. Try to login
  4. You will get the notfound error page in overlay, however you are actually authenticated

comment:3 Changed 4 years ago by amleczko

Somehow related to #11482

comment:4 Changed 4 years ago by tbesluau

  • Status changed from new to assigned
  • Owner set to tbesluau

comment:5 Changed 4 years ago by davisagli

  • Component changed from Infrastructure to General

comment:6 Changed 4 years ago by cwainwright

  • Owner tbesluau deleted
  • Version set to 4.1

I am unable to reproduce the issue in the description in the Plone 4.3 buildout, but the 404 issue in comment:2 is reproducible.

comment:7 Changed 4 years ago by cwainwright

  • Version changed from 4.1 to 4.2

comment:8 Changed 4 years ago by eleddy

I just recreated in 4.3 buildout. It's still there and has to do with some cookie machinery failing (the same stuff which causes messages to get lost when logging in in overlays). SO, the solution is to migrate out of CPT there. This will close many many tickets. no longer a tuneup - and possible even a plip since many people customize these forms. A straight translation shouldn't actually be so bad.

comment:9 Changed 4 years ago by eleddy

  • Owner set to eleddy
  • Keywords CPT added; zope, user, TuneUp, greenbelt removed
  • Version changed from 4.2 to 4.3
  • Component changed from General to Backend (Python)
Note: See TracTickets for help on using tickets.