Bug #41320 When login privileges are required please redirect to login page
Submitted: 9 Dec 2008 9:14 Modified: 29 Jan 2009 13:40
Reporter: Simon Mudd (OCA) Email Updates:
Status: Closed Impact on me:
None 
Category:MySQL Enterprise Monitor: Web Severity:S3 (Non-critical)
Version:2.0.0.7101 OS:Any
Assigned to: Josh Sled CPU Architecture:Any

[9 Dec 2008 9:14] Simon Mudd 
Description:
When logged in to merlin through the web interface it may be necessary to restart tomcat. If this happens most access to the web interface still works fine. However some actions like create user, rename server etc suddenly generate an error message requesting the user to login.

How to repeat:
Login to web interface, restart tomcat, go and create a new web user. After entering the user details you´ll get an error message

U0002 You must log in to access the requested resource.

Suggested fix:

1. If the user is not considered logged in redirect to the login page. Then this error should not occur.

or

2. When this situation occurs redirect to the login page, and once the login is complete redirect back to the original page, and complete the request.
[9 Dec 2008 9:17] Simon Mudd 
Note: Currently after you see the "you must login message" you go back to the same create user screen, which of course you can´t complete...
[12 Dec 2008 22:12] Josh Sled 
revno: 6544
revision-id: jsled@asynchronous.org-20081212220544-xorzdcet2s387gmm
parent: andy@mysql.com-20081212211021-xg50nmowji6fdqj8
committer: Josh Sled <jsled@asynchronous.org>
branch nick: 2.0
timestamp: Fri 2008-12-12 17:05:44 -0500
message:
  Bug#41320: if the popup sees the "U0002" error message, then append a link to the login page, retaining the current page url for post-auth redirection
[15 Dec 2008 19:57] Josh Sled 
I should note about this change:

* We do not redirect to the login page, we only add a link to the end of the message in the popup window; the user will still need to click on the link.

* Post-login, we redirect to the base page that the user was on.  We do *not* try to preform whatever operation they were trying to do for a few reasons (it's generally unsafe, we don't necessarily have the same state we had before the server restart, the operation they were trying to do might no longer make sense post-restart, &c.)
[15 Jan 2009 19:53] Marcos Palacios 
Tested OK with build 2.0.2.7131.
[29 Jan 2009 13:40] Tony Bedford 
An entry was added to the 2.0.2 changelog:

When login privileges were required the Service Manager did not redirect the user to the login page. This resulted in error messages being displayed rather than simply redirecting the user to the login page. This problem typically occurred if it was necessary to restart Tomcat.