Avoid showing the Login page if already logged in, and fix redirect loops.
Review Request #13438 — Created Nov. 27, 2023 and submitted
While working with a customer, I witnessed some confusion where the user
tried to log in, got redirected back to the Log In page, and then
thought they hadn't successfully logged in. This was occurring because
they were navigating to the Log In page, clicking Log In in the
navigation bar, and ending up back to the Log In page with a redirect
URL set back to the same page. Worse, if clicking Log In from the Log
Out page, users would get logged out immediately after logging in.

To avoid these situations, we now redirect away from the Log In page if
the user is already logged in. We only do this after we check for all
the SSO/client-side login flows, so that we don't disrupt those.

If the destination page would be the Log In or Log Out pages, we
normalize it back out to root URL for the server/Local Site. This
avoids these loops, and helpfully ensures users won't get immediately
logged out when logging in.

Django has a mechanism to do these sort of checks, but it doesn't handle
the redirect-to-login case. Actually, it does, but it handles it via
raising an exception. Our approach is more tailored to our needs.
Tested logging in and redirecting.
Tested visiting the page while already logged in, and testing without
a login redirect, with a suitable redirect, and with a redirect loop.

Performed the same test when clicking the Log In link from the Log Out
page.

Unit tests pass.
Summary | ID |
---|---|
7f79fb8b9d89b2aecce0d7f13248737aa832073f |
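
The redirect handling described in this change, sketched as an added example (this is not the code from the review request or from Review Board). The paths, function names and the choice to block both the global and Local Site forms of the Log In/Log Out URLs are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Hypothetical paths for this sketch; a real deployment resolves these
# from its URL configuration.
LOGIN_PATH = "/account/login/"
LOGOUT_PATH = "/account/logout/"


def _norm(path):
    """Return the path with exactly one trailing slash for comparison."""
    return path.rstrip("/") + "/"


def normalize_destination(next_url, site_root="/"):
    """Return where to send the user after login.

    A missing destination, or one that points at the Log In or Log Out
    page (global or under this site root), becomes the site root.
    """
    if not next_url:
        return site_root

    # Only the path is compared, so a query string such as
    # ?next=/account/login/ on the destination does not hide a loop.
    path = _norm(urlsplit(next_url).path)
    root = site_root.rstrip("/")
    blocked = {_norm(prefix + page)
               for prefix in ("", root)
               for page in (LOGIN_PATH, LOGOUT_PATH)}

    return site_root if path in blocked else next_url


def login_page_action(is_authenticated, sso_flow_pending, next_url,
                      site_root="/"):
    """Decide what the Log In view does for this request.

    Returns ("render", None) to show the form or hand off to an SSO
    flow, or ("redirect", url) to send a logged-in user elsewhere.
    """
    # SSO/client-side login flows are checked first so they are never
    # short-circuited by the already-logged-in redirect.
    if sso_flow_pending or not is_authenticated:
        return ("render", None)

    return ("redirect", normalize_destination(next_url, site_root))
```

This sketch only covers the loop and logout cases; checking that the destination stays on an allowed host is a separate step, for which Django provides `url_has_allowed_host_and_scheme`.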