View Issue Details

IDProjectCategoryView StatusLast Update
0025367mantisbtauthenticationpublic2019-06-27 07:43
Reportercproensa Assigned To 
Status newResolutionopen 
Product Version2.20.0 
Summary0025367: auth_reauthenticate() breaks form submission

When submitting a form, eg: in manage pages, and the destination page requires reauthentication, after redirecting to the destination page the original POST request is lost
This usually generates APPLICATION ERROR #2800 Invalid form security token

Steps To Reproduce

For example: manage_user_edit_page.php
Edit user data, and wait the timeout to let the authentication trigger.
Submit the form, reauthenticate page is shown.
After reauthentication, receive ' APPLICATION ERROR #2800 Invalid form security token'

TagsNo tags attached.




2019-01-24 18:42

developer   ~0061297

Thinking out loud for some options:

  • Carrying the form data as GET through the login pages, and to the final redirect, is not a valid option.
  • When the login page is triggered, if POST data is present, save that data in the user session.
  • After reauthentication is successful, then two options:
    1) instead of immediate redirect, recover GPC data from session, and display a page with a form (+ hidden inputs) that submits to the original destination. This requires user interaction
    2) or implement some method for gpc-recover-state, so that when the redirected page is landed, the saved data is restored from session into the global GPC, transparent to the user and destination page execution

Issue History

Date Modified Username Field Change
2019-01-21 19:37 cproensa New Issue
2019-01-24 18:42 cproensa Note Added: 0061297