Is there any case where a logged in user attempting to access /user/login/sso (regardless of reason, you can't control what users decide to bookmark or link to) should get "Access Denied" instead of at least redirected to / or something?
1. Request for /user/login/sso should redirect to some default setting if user is already logged in.
2. Request for /user/login/sso?destination=node/123 should redirect to node/123 after auth or immediately if logged in.
I know I could use r4032login module to redirect on Access Denied, but that won't take into account "destination" so it's half a fix for an issue that shouldn't exist IMHO.
Comment | File | Size | Author |
---|---|---|---|
#3 | Redirect_on_auth-2888104-3.patch | 4.31 KB | naidim |
Comments
Comment #2
grahlValid point, I personally don't encounter this since all routes redirect to /user/login/sso and my users never see that url long enough to bookmark it.
Feel free to provide a patch.
Comment #3
naidim CreditAttribution: naidim as a volunteer commentedThis is my first attempt at a patch, so if I've messed up I apologize in advance and appreciate your forbearance.
Comment #4
grahlComment #6
AaronMcHaleCould this issue be repurposed for the 8.x branch, or should a new one be created for that branch? As I'm probably going to write a patch for the 8.x branch soon anyway to address this.
Comment #7
AaronMcHaleDecided to make a new issue #2968791: Improve destination handling on successful login as the scope of what I wanted to fix is more specific
Comment #8
grahl7 is EOL so if #2968791: Improve destination handling on successful login is not sufficient for any remaining use-case for 8.x please open a new ticket.