Making WordPress.org

Opened 6 years ago

Closed 3 years ago

Last modified 3 years ago

#3821 closed enhancement (fixed)

Improve Trac Logout - Return user to current page

Reported by: garrett-eclipse's profile garrett-eclipse Owned by: dd32's profile dd32
Milestone: Priority: normal
Component: Login & Authentication Keywords:
Cc:

Description

Hello,

If you use the logout function many places around the wp.org network it often just reloads the current page with you logged out. For example logging out from a profile page (https://profiles.wordpress.org/garrett-eclipse) simply reloads leaving you on the current page.

On the Trac sites instead of doing the logout on reload it takes you to https://login.wordpress.org/logout when you then have to click log out again and are finally left at https://login.wordpress.org/loggedout/ which only has a link 'Back to login', so to return to the original page you have to go back in browser history two pages.

It would be very useful to adopt the reload logout method found other places so clicking logout on Trac simply reloads the page with you logged out. If that's not possible I wonder if the loggedout page can either redirect you back to the original page or at least provide a link back to the original page.

I believe this is actually what @joyously encountered when she made this comment;
https://meta.trac.wordpress.org/ticket/3794#comment:8

To reproduce.. simply hit Logout at the top of this Trac ticket.

Thanks

Attachments (2)

Screen Shot 2018-09-21 at 10.00.37 AM.png (129.3 KB) - added by garrett-eclipse 6 years ago.
Logout page - https://login.wordpress.org/logout
Screen Shot 2018-09-21 at 10.00.44 AM.png (112.6 KB) - added by garrett-eclipse 6 years ago.
Post Logout Screen - https://login.wordpress.org/loggedout

Download all attachments as: .zip

Change History (9)

#1 @dd32
6 years ago

In 7695:

Login: Allow query parameters on the /logout route. This is needed to support the locale switcher, and future custom redirection locations.

See #3821.
Fixes #3823.

#2 @dd32
6 years ago

In 7696:

Login: Allow the /logout route to accept a custom ?redirect_to parameter.
This will allow non-WordPress sites (Trac) to pass their current URL.

See #3821.

#3 @dd32
6 years ago

This isn't 100% straight forward, as the Logout link in Trac isn't a link at all.

The logout on Trac is a form, which once submitted to Trac is redirected to the login logout functionality without a nonce. The nonce is required to prevent a user maliciously logging out users (ie. inserting an image into a trac ticket of https://login.wordpress.org/logout?yes-i-really-want-to), and Trac can't generate that nonce.

With r7696 we'll be able to update the nginx redirect on Trac to pass the referer through, but I'll need to make a systems request to get that actioned.

It should just be changing a nginx location block to something like this I think:

location = /logout {
        return 301 https://login.wordpress.org/logout?redirect_to=$http_referer;
}

#4 @garrett-eclipse
6 years ago

Thanks for looking into this @dd32 sounds like it's in good hands.

This ticket was mentioned in Slack in #meta by tellyworth. View the logs.


4 years ago

#6 @dd32
3 years ago

  • Owner set to dd32
  • Resolution set to fixed
  • Status changed from new to closed

In 11047:

Trac: Replace logout form with logout link that includes the redirect_to parameter, to return the user to the current Trac page afterwards.

Fixes #3821.

#7 @dd32
3 years ago

In 11050:

Trac: Replace the login link with one that goes directly to login.wordpress.org, to ensure you're returned to the same page afterwards.

See https://wordpress.slack.com/archives/C0C89GD35/p1624259898002700.
See #3821.

Note: See TracTickets for help on using tickets.