WordPress.org

Making WordPress.org

Opened 10 months ago

Last modified 10 months ago

#3821 new enhancement

Improve Trac Logout - Return user to current page

Reported by: garrett-eclipse Owned by:
Milestone: Priority: normal
Component: Login & Authentication Keywords:
Cc:

Description

Hello,

If you use the logout function many places around the wp.org network it often just reloads the current page with you logged out. For example logging out from a profile page (https://profiles.wordpress.org/garrett-eclipse) simply reloads leaving you on the current page.

On the Trac sites instead of doing the logout on reload it takes you to https://login.wordpress.org/logout when you then have to click log out again and are finally left at https://login.wordpress.org/loggedout/ which only has a link 'Back to login', so to return to the original page you have to go back in browser history two pages.

It would be very useful to adopt the reload logout method found other places so clicking logout on Trac simply reloads the page with you logged out. If that's not possible I wonder if the loggedout page can either redirect you back to the original page or at least provide a link back to the original page.

I believe this is actually what @joyously encountered when she made this comment;
https://meta.trac.wordpress.org/ticket/3794#comment:8

To reproduce.. simply hit Logout at the top of this Trac ticket.

Thanks

Attachments (2)

Screen Shot 2018-09-21 at 10.00.37 AM.png (129.3 KB) - added by garrett-eclipse 10 months ago.
Logout page - https://login.wordpress.org/logout
Screen Shot 2018-09-21 at 10.00.44 AM.png (112.6 KB) - added by garrett-eclipse 10 months ago.
Post Logout Screen - https://login.wordpress.org/loggedout

Download all attachments as: .zip

Change History (6)

#1 @dd32
10 months ago

In 7695:

Login: Allow query parameters on the /logout route. This is needed to support the locale switcher, and future custom redirection locations.

See #3821.
Fixes #3823.

#2 @dd32
10 months ago

In 7696:

Login: Allow the /logout route to accept a custom ?redirect_to parameter.
This will allow non-WordPress sites (Trac) to pass their current URL.

See #3821.

#3 @dd32
10 months ago

This isn't 100% straight forward, as the Logout link in Trac isn't a link at all.

The logout on Trac is a form, which once submitted to Trac is redirected to the login logout functionality without a nonce. The nonce is required to prevent a user maliciously logging out users (ie. inserting an image into a trac ticket of https://login.wordpress.org/logout?yes-i-really-want-to), and Trac can't generate that nonce.

With r7696 we'll be able to update the nginx redirect on Trac to pass the referer through, but I'll need to make a systems request to get that actioned.

It should just be changing a nginx location block to something like this I think:

location = /logout {
        return 301 https://login.wordpress.org/logout?redirect_to=$http_referer;
}

#4 @garrett-eclipse
10 months ago

Thanks for looking into this @dd32 sounds like it's in good hands.

Note: See TracTickets for help on using tickets.