[GitHub] [ofbiz-framework] ingo-koenemann commented on pull request #236: Improved: Remove _PREVIOUS_REQUEST_ Session Attribute on non-authentication pages (OFBIZ-12047)

[GitBox <gi...@apache.org>]

ingo-koenemann commented on pull request #236:
URL: https://github.com/apache/ofbiz-framework/pull/236#issuecomment-768096271


   Hi Jacques,
   
   I tried to explain the reasons in the corresponding JIRA issue but found the problem I mentioned (navigation problems while navigating the site without a login and then logging in) does not exist on the demo front end due to the implementation of the login.
   
   It is possible to implement a login button using the current methods that automatically sends the user to the previously viewed page (which we have done in custom projects). Without the commit provided the last visited page will not be cleared on appropriate navigation, resulting in a mismatch between where the user currently is on the site and the site saved as the last visited. This results in said login leading to the (falsely identified) last visited site (which required authorization) instead of the current site (if it does not require authorization).
   
   For example:
   1. Navigate to a profile page requiring authorization.
   2. Navigate to an FAQ site which does not require authorization.
   3. The login button should now lead, upon authorization) back to the FAQ site. Instead the browser is send to the profile page since it was the last saved request requiring authorization.
   
   I hope this explanation clears up the issue.
   
   Best regards,
   Ingo


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org