id,summary,reporter,owner,description,type,status,priority,component,severity,resolution,keywords,cc,release
10393,POST data is lost after redirect,ejucovy,ejucovy,The situation is described in comment:ticket:2210:14 and comment:ticket:2210:16 -- if a user has a browser window to a Trac edit screen open for a long enough time before submitting the edit form_ their session can expire and they'll be redirected to the login screen.  After successful login_ they'll be redirected back to the edit screen_ but their edits will be lost_ which can be very annoying.\r\n\r\nSimple way to reproduce in a browser:\r\n \r\n 1. Log in to your trac site\r\n 1. Open a browser tab to http://trac-site.com/newticket\r\n 1. Fill in some text to create the new ticket\r\n 1. Don't submit the form yet!\r\n 1. Open a '''second''' browser tab to http://trac-site.com/logout and then close it\r\n 1. Back in the first tab_ submit the form\r\n\r\nIf PermRedirectPlugin is installed_ you'll be redirected to the login screen; log in_ and you'll land back on the "newticket" form.  But all your hard work is completely lost.\r\n\r\nI think that it's fair to consider this a bug in PermRedirectPlugin.  The reason is that_ without PermRedirectPlugin installed_ Trac's behavior is "safer."  If you follow the exact same reproduction steps without the plugin installed_ you'll be given an "Error: Forbidden" screen that prompts you to log in.  \r\n\r\nThis screen is actually rendering an HTTP response to the POST request_ rather than instructing the browser to issue an immediate GET request like the plugin does.  So this actually gives you an opportunity to log back in using a separate tab_ and then simply hit "reload" on the first tab.  Your browser will warn you that you're resubmitting a form via POST and ask if you really want to resubmit the data.  You say yes_ and the exact same POST request will be replayed_ with your original intent fulfilled and no loss of data.,defect,new,normal,PermRedirectPlugin,normal,,,,1.0