TwoFactorAuth icon indicating copy to clipboard operation
TwoFactorAuth copied to clipboard
verified publisher icon Arno0x

What if someone has to login again after a POST?

Open crackedeggs1 opened this issue 9 years ago • 1 comments

So consider this scenario:

Someone logins in via TFA Someone fills in a form that will submit over POST to x.php Their TFA session expires They submit the form. They are redirected to the TFA login.php script. As it is currently, I think all the form fields get lost. It would be nice to preserve them and submit them to the target script after they login again.

What are your thoughts on the challenges of doing this?

I think we might have to try to rewrite to the login script in nginx rather than redirecting, which might require some changes to the current nginx.conf instructions, and for the login script in this case, have a separate "thank you for logging in" screen that fixes the referrer back to the original and submits the data via Javascript.

crackedeggs1 avatar Jan 30 '16 17:01 crackedeggs1

OK, I get your point: this is a valid scenario. However I don't know yet how to treat this case in a smart way. Marking this as "enhancement", will do later. Thanks.

Arno0x avatar Feb 01 '16 07:02 Arno0x