[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug #20678: member_controller: user successfully logs in but thinks that

From: boud
Subject: bug #20678: member_controller: user successfully logs in but thinks that s/he has failed
Date: Sat, 4 Aug 2007 00:25:01 +0200 (CEST)

hi samizdat-devel

PROBLEM: Sometimes a user when logging in may make some errors, e.g.
login or password may be missing, and so the "referer" URI becomes the
URI of member/login itself. In this situation, when the user clicks on
the submit button and *successfully* logs in, a redirect occurs to
member/login itself, so the part of the screen closest to the region
where s/he clicked appears to be totally unchanged. If the user looks
to the top-right, s/he will notice that his/her "full name" is now
shown, and will realise that s/he has successfully logged in. However, the submit button is at the bottom left and it is easy for the user to miss this changed information. Moreover, the main content of the page invites the user to log in, despite the fact (unclear to the
user) that s/he *has* successfully logged in.

This leads to a user being frustrated and thinking that s/he has not
successfully logged in.

Not only is this in itself a Bad Thing, but a frustrated user might
unnecessarily create a new login, or try his/her passwords normally
used on other sites, or switch from https to http since it's "better
to try something than just give up" - plenty of things to weaken security.

This problem is asymmetric with respect to the member/logout method -
because the logout button leads to changes in the content of the page
at a point very close to where the user has clicked, so the change *is*
obvious in that case.

PROPOSED SOLUTION: If the referer is member/login itself, then
redirect to some other page which should signal to the user that s/he
has successfully logged in. This could be a new page:  @title = _('Login
succeeded')... , or, as i suggest here, a redirect to the member page.


--- /tmp/tmp_snapshot/samizdat/lib/samizdat/controllers/member_controller.rb    
2007-05-05 14:56:27.000000000 +0200
+++ /usr/lib/ruby/1.8/samizdat/controllers/member_controller.rb 2007-08-03 
23:54:14.579828264 +0200
@@ -183,7 +191,8 @@
     if login and password
       if cookie = Session.start(login, password)
         @request.set_cookie('session', cookie, config['timeout']['last'])
-        @request.redirect(referer)
+        referer =~ %r{member/login\Z} ?
+           @request.redirect('member') : @request.redirect(referer)
         @title = _('Login Failed')
         @content_for_layout = box(@title,

reply via email to

[Prev in Thread] Current Thread [Next in Thread]