User logged-in can access to /login using browser "go back" after login success

Question

User logged-in can access to /login using browser "go back" after login success

panpansh opened this issue 5 years ago · 1 comments

First thanks for this.
Like specified in title,
when a user is logged-in, he can access to /login using browser "go back"
(if I refresh from "/login", redirect to "/" ok)

@auth_bp.route('/login', methods=['GET', 'POST'])
def login():
    """
    Log-in page for registered users.
    GET: Serve Log-in page.
    POST: Validate form and redirect user to dashboard.
    """
    if current_user.is_authenticated:
        print(current_user.is_anonymous)
        return redirect(url_for('main_bp.dashboard'))  # Bypass if user is logged in

When I go back (after login success) "current_user.is_authenticated" never printed like they don't go here :/
(same with the print before the if).
Can you explain please if you see something ?
Regards

Answer 1 · 2020-07-07T15:42:44.000Z

same like i'm logged-in and here : "/session"
writing "/logout" ok and now I go back from browser: result => I'm displaying session page (no redirect).
(if I refresh, redirect to "/login" ok)
Regards.