Arno0x / TwoFactorAuth

Two Factor Authentication web portal written in PHP

What if someone has to log in again after a POST? #5

Open crackedeggs1 opened 8 years ago

crackedeggs1 commented 8 years ago

So consider this scenario:

1. Someone logs in via TFA.
2. Someone fills in a form that will submit over POST to x.php.
3. Their TFA session expires.
4. They submit the form.
5. They are redirected to the TFA login.php script.

As it is currently, I think all the form fields get lost. It would be nice to preserve them and submit them to the target script after they log in again.

What are your thoughts on the challenges of doing this?

I think we might have to try to rewrite to the login script in nginx rather than redirecting, which might require some changes to the current nginx.conf instructions, and for the login script in this case, have a separate "thank you for logging in" screen that fixes the referrer back to the original and submits the data via JavaScript.

Arno0x commented 8 years ago

OK, I get your point: this is a valid scenario. However, I don't know yet how to treat this case in a smart way. Marking this as "enhancement", will do later. Thanks.
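
One way to implement the stash-and-replay flow proposed in this issue, added here as an example and not code from TwoFactorAuth. It assumes the login script receives the original POST body and target path (for instance through an nginx rewrite as suggested above) and passes the returned token through the login form; the function names, session key and allowlist are hypothetical.

```php
<?php
// Added example: names, session key and allowlist below are hypothetical.
const ALLOWED_TARGETS = ['/x.php'];   // constructed: paths allowed to receive a replay
const STASH_TTL = 300;                // seconds a stashed form stays valid

// Flatten nested POST arrays into "name[key]" => value pairs.
function flatten_fields(array $fields, string $prefix = ''): array {
    $out = [];
    foreach ($fields as $k => $v) {
        $name = $prefix === '' ? (string)$k : $prefix . '[' . $k . ']';
        if (is_array($v)) {
            $out += flatten_fields($v, $name);
        } else {
            $out[$name] = (string)$v;
        }
    }
    return $out;
}

// Called by the login script when it receives a POST that was meant for $target.
function stash_pending_post(array &$session, string $target, array $post): ?string {
    if (!in_array($target, ALLOWED_TARGETS, true)) {
        return null;                  // never replay to an arbitrary URL
    }
    $token = bin2hex(random_bytes(16));
    $session['pending_post'] = ['token' => $token, 'target' => $target,
        'fields' => flatten_fields($post), 'expires' => time() + STASH_TTL];
    return $token;
}

// Called after a successful login; returns the replay page, or null if nothing valid is stashed.
function render_replay_form(array &$session, string $token): ?string {
    $p = $session['pending_post'] ?? null;
    unset($session['pending_post']);  // single use, even when validation fails
    if (!is_array($p) || !hash_equals($p['token'], $token) || $p['expires'] < time()) {
        return null;
    }
    $e = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
    $html = '<form id="replay" method="post" action="' . $e($p['target']) . '">';
    foreach ($p['fields'] as $name => $value) {
        $html .= '<input type="hidden" name="' . $e((string)$name) . '" value="' . $e($value) . '">';
    }
    // The target must still validate its own CSRF token; the button is the no-script fallback.
    return $html . '<button type="submit">Continue</button></form>'
        . '<script>document.getElementById("replay").submit();</script>';
}
```

Call the functions with `$_SESSION` as the first argument. Keeping the fields server-side and escaping them on output means the stashed values never travel in a URL and cannot inject markup into the replay page.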