#19327: Admin doesn't handle double login attempts
-------------------------------------+-------------------------------------
Reporter: KJ | Owner: KJ
Type: Bug | Status: new
Component: contrib.admin | Version: master
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
sensitive_post_parameters, login | Needs documentation: 0
Has patch: 1 | Patch needs improvement: 1
Needs tests: 0 | UI/UX: 0
Easy pickings: 1 |
-------------------------------------+-------------------------------------
Changes (by julien):
* needs_better_patch: 0 => 1
Comment:
Thanks for the patch. There is a related issue which I think should be
fixed at the same time as this.
To reproduce:
- Log out from the admin.
- Open the admin index in two separate tabs, without logging in yet. You
should see the login form in both tabs.
- In the first tab, enter the correct credentials to log in successfully.
- In the second tab, enter incorrect credentials (e.g. wrong password).
The problem is that you will get through in the second tab even though the
credentials were incorrect.
We should make sure that the login form always checks the entered
credentials regardless of whether or not a user is already logged in.
Also, if the entered credentials are wrong, then the user should get
logged out.
--
Ticket URL: <https://code.djangoproject.com/ticket/19327#comment:6>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit https://groups.google.com/groups/opt_out.
