Bug 6223 - can click login multiple times and accidentally get multiple sessions
Summary: can click login multiple times and accidentally get multiple sessions
Alias: None
Product: ThinLinc
Classification: Unclassified
Component: Web Access (show other bugs)
Version: 1.3.1
Hardware: PC Unknown
: P2 Normal
Target Milestone: 4.9.0
Assignee: Samuel Mannehed
Keywords: ossman_tester, relnotes
Depends on:
Reported: 2017-04-04 15:29 CEST by Pierre Ossman
Modified: 2017-11-30 16:20 CET (History)
1 user (show)

See Also:
Acceptance Criteria:


Description Pierre Ossman cendio 2017-04-04 15:29:01 CEST
Originally reported on bug 5953.

It's possible to click the Login button several times (e.g. doing a double click) and having the server create multiple sessions. Ideally we want to make sure that the current transaction is done before we allow the user to start another.

Note that this is still an issue even if bug 5953 is fixed. On a system which allows multiple sessions you still don't want to have users accidentally create extra sessions they don't know about.

Bug 5953 also has a quick and dirty patch for this which could be used as a basis for a proper fix.
Comment 4 Samuel Mannehed cendio 2017-05-22 14:30:22 CEST
The login button is now disabled after submitting the login form.
Comment 5 Pierre Ossman cendio 2017-05-29 17:05:54 CEST
Works well. Tested in Firefox, Chrome, Safari[1], IE and Edge.

[1] The UI doesn't update in Safari once you've clicked, so you don't see it as disabled. It is properly disabled though.

Note You need to log in before you can comment on or make changes to this bug.