Ticket #10974 (assigned Bug)
Plone thinks logged in as zope user when using ajax login form after logout
Reported by: | eleddy | Owned by: | eleddy |
---|---|---|---|
Priority: | minor | Milestone: | 4.x |
Component: | Backend (Python) | Version: | 4.3 |
Keywords: | login, CPT | Cc: | amleczko |
Description
This is a weird scenario but I did it for whatever reason and it's recreatable. 4.0rc1 buildout.
- log in as user A
- click log out - stay on logout page
- instead of loggin in as user b with the login form on the page, click the login button to trigger the ajax login
- attempt to login as user B
An error message displays, saying "Still logged in as a Zope user", but if you go by the name at the top the login actually succeeds. Seems like this has something to do with the pull up of the login form twice. If I just use the form displayed after logout everything works fine.
To be clear, I think its the message that is wrong here and the login was actually successful.
Change History
comment:2 Changed 4 years ago by amleczko
- Cc amleczko added
There is another interesting behavior.
- Go to Plone 404 page - ie. http://localhost:8080/this_one_doesnt_exist
- Click login - overlay opens
- Try to login
- You will get the notfound error page in overlay, however you are actually authenticated
comment:6 Changed 4 years ago by cwainwright
- Owner tbesluau deleted
- Version set to 4.1
I am unable to reproduce the issue in the description in the Plone 4.3 buildout, but the 404 issue in comment:2 is reproducible.
comment:8 Changed 4 years ago by eleddy
I just recreated in 4.3 buildout. It's still there and has to do with some cookie machinery failing (the same stuff which causes messages to get lost when logging in in overlays). SO, the solution is to migrate out of CPT there. This will close many many tickets. no longer a tuneup - and possible even a plip since many people customize these forms. A straight translation shouldn't actually be so bad.