I have noticed that even after I log in on one eclipse page it is easy to go to another page and have to "log in" again. 'Log in' is in quotes since I just had to "press the button" not re-supply user id and password.

That doesn't seem right, and makes the pages harder to use than should be necessary.

Similarly, I found if I log off of one page, and then "back up" to a previous page, even with "refresh" I am still logged in. That is sort of a tiny security exposure, in that it does not match users' expectations and someone might mistakenly stay logged in from a public terminal.

To give specific steps, I first went to
https://accounts.eclipse.org/
and was asked to log in and then got my full profile page
https://accounts.eclipse.org/user/

From there, I clicked on 'projects' at top of page, and was sent to
https://www.eclipse.org/projects/

Notice even there is a "log in" button, instead of "Welcome david_williams" button.
Mistakenly, if I click log in there, I am sent back to my profile page!
[I just discovered that issue when verifying my steps, and was not the original purpose of this bug.]

So, from projects page, I search for "cbi", get two hits [for some reason] and then select the CBI project and am sent to
https://projects.eclipse.org/projects/technology.cbi

There, at the top, the button just says "Log in". If I click it, it logs me in without further prompting (at least that's good!) and shows me the full project page for committers.

Kind of confusing since at first I did not realize I had to "Log in" multiple times.

From there, the cbi page, you can see if you "log out" and then use back button to get back to profile page that you are not truly logged out.

I hope I am not misunderstanding the intent of the webpages, but it is confusing to me so thought I would report it.

Thanks for reading,
(In reply to David Williams from comment #0)

Hi David!

> I have noticed that even after I log in on one eclipse page it is easy to go
> to another page and have to "log in" again. 'Log in' is in quotes since I
> just had to "press the button" not re-supply user id and password.
>
> That doesn't seem right, and makes the pages harder to use than should be
> necessary.
>
> Similarly, I found if I log off of one page, and then "back up" to a
> previous page, even with "refresh" I am still logged in. That is sort of a
> tiny security exposure, in that it does not match users' expectations and
> someone might mistakenly stay logged in from a public terminal.
>
> To give specific steps, I first went to
> https://accounts.eclipse.org/
> and was asked to log in and then got my full profile page
> https://accounts.eclipse.org/user/
>
> From there, I clicked on 'projects' at top of page, and was sent to
> https://www.eclipse.org/projects/
>
> Notice even there is a "log in" button, instead of "Welcome david_williams"
> button.
> Mistakenly, if I click log in there, I am sent back to my profile page!
> [I just discovered that issue when verifying my steps, and was not the
> original purpose of this bug.]

I was able to reproduce your behavior if I don't accept our Cookie policy banner. www.eclipse.org will ignore session cookies if you don't accept the use of cookies on the site.

Accepting our cookie policy should fix your problem. If not, please let me know.

> So, from projects page, I search for "cbi", get two hits [for some reason]
> and then select the CBI project and am sent to
> https://projects.eclipse.org/projects/technology.cbi
>
> There, at the top, the button just says "Log in". If I click it, it logs me
> in without further prompting (at least that's good!) and shows me the full
> project page for committers.

This is the expected behavior. When a user logs in to accounts.eclipse.org, we decided that this state should be reflected on www.eclipse.org but not on any other services or websites for security reasons.

> Kind of confusing since at first I did not realize I had to "Log in"
> multiple times.
>
> From there, the cbi page, you can see if you "log out" and then use back
> button to get back to profile page that you are not truly logged out.

I agree this is a bug. If you log out from projects.eclipse.org, the user should be logged out from accounts.eclipse.org as well.

If you don't mind, I would like to repurpose your bug to do so.

> I hope I am not misunderstanding the intent of the webpages, but it is
> confusing to me so thought I would report it.
>
> Thanks for reading,
I am marking this bug as a duplicate of Bug 444519 - Centralized logout process since it's the behavior I would expect and it's basically what I wanted to implement in this issue.

*** This bug has been marked as a duplicate of bug 444519 ***