[rt-users] unprivileged users need to log in twice

Kevin Falcone falcone at bestpractical.com
Wed Dec 9 16:49:14 EST 2009


On Wed, Dec 09, 2009 at 12:26:53PM -0800, David Griffith wrote:
> On Wed, 9 Dec 2009, Kevin Falcone wrote:
> 
> > On Wed, Dec 09, 2009 at 11:40:32AM -0800, David Griffith wrote:
> >> Go to http://foobar.com/rt and you see the RT login screen.  Login as an
> >> unprivileged user (Alice).  The username and password field will blank
> >> out.  Type in Alice's username and password again, and you'll be logged in
> >> as Alice.  That's the first part of the bug.
> >
> > What happens at http://foobar.com/rt/ vs /rt
> > Also, what is your URL after the initial failed login?
> 
> Trailing slash makes no difference.  The URL after initial failed login is
> http://foobar.com/rt/SelfService/
> 
> >> The second part is when you type in the username-password the second 
> >> time.  If at that point you attempt to log in as a privileged user, 
> >> you'll log in, but your permissions are that of an unprivileged user.
> >
> > This sounds like the initial login worked enough to get you redirected
> > to /rt/SelfService/ which would certainly make it appear that you're
> > an unprivileged user when you then log in as Bob (the privileged user)
> 
> I see.  Any ideas of what's going on?

Not without further digging, but at least we've explained the
unprivileged rights issue.

-kevin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20091209/8a24121d/attachment.sig>


More information about the rt-users mailing list