jmix icon indicating copy to clipboard operation
jmix copied to clipboard
verified publisher icon jmix-framework

Direct opening of the login view may lead to multiple user sessions

Open glebfox opened this issue 4 months ago • 2 comments

Environment

Jmix version: 2.7.0 Source: forum

Bug Description

If we directly open the login view and enter user credentials, this leads to multiple user sessions.

Steps To Reproduce

  1. Open the first browser tab
  2. Login to the app with user1
  3. Open the second browser tab which is already has user session: user1
  4. In the first tab: navigate the login view, e.g. by browser history
  5. In the first tab: Login as user2
  6. Switch to the second browser tab

Current Behavior

Multiple browser tabs have different user sessions

Expected Behavior

Possible solutions:

  1. Either redirect to the main view or previous view if there is an active user.
  2. Previously logged-in user is logged out
  3. Disable login view if there is an active user

glebfox avatar Nov 10 '25 11:11 glebfox

I vote for Option no. 2 (Previously logged-in user is logged out)

wanchoonkit avatar Nov 12 '25 02:11 wanchoonkit

As a work around, add the following to the LoginView:

@Autowired
private CurrentAuthentication currentAuthentication;

@Override
public void beforeEnter(BeforeEnterEvent event) {
    if (!(currentAuthentication.getAuthentication() instanceof AnonymousAuthenticationToken)) {
        event.rerouteTo("");
        return;
    }

    super.beforeEnter(event);
}

glebfox avatar Nov 14 '25 06:11 glebfox