general: don't use session for after_url persistence (#5637)
This commit is contained in:
parent
fe54e75684
commit
1532759996
|
@ -666,7 +666,7 @@ class AlternateLoginDirectory(OldLoginDirectory):
|
|||
ident_methods = get_cfg('identification', {}).get('methods', [])
|
||||
|
||||
if get_request().form.get('ReturnUrl'):
|
||||
get_session().after_url = get_request().form.get('ReturnUrl')
|
||||
get_request().form['next'] = get_request().form.pop('ReturnUrl')
|
||||
|
||||
if 'IsPassive' in get_request().form and 'idp' in ident_methods:
|
||||
# if isPassive is given in query parameters, we restrict ourselves
|
||||
|
@ -678,7 +678,7 @@ class AlternateLoginDirectory(OldLoginDirectory):
|
|||
# possibility of SSO, if we got there as a consequence of an access
|
||||
# unauthorized url on admin/ or backoffice/, then idp auth method
|
||||
# is chosen forcefully.
|
||||
after_url = get_session().after_url
|
||||
after_url = get_request().form.get('next')
|
||||
if after_url:
|
||||
root_url = get_publisher().get_root_url()
|
||||
after_path = urlparse.urlparse(after_url)[2]
|
||||
|
|
Reference in New Issue