Opened 7 years ago
Last modified 4 months ago
#40768 new enhancement
site.com/login should not redirect to login page when user is already logged in
| Reported by: |
|
Owned by: | |
|---|---|---|---|
| Milestone: | Awaiting Review | Priority: | normal |
| Severity: | normal | Version: | |
| Component: | Login and Registration | Keywords: | has-patch needs-dev-note |
| Focuses: | Cc: |
Description (last modified by )
When I am already logged in I should not be redirected to Login page if I type in mysite.com/login. Rather WordPress should be able to decide which page I should be on in this situation.
Being redirected to Login page even when I am already logged in must be treated as a bug. The reason is I am being able to login as a different user by going to login page directly when I am already logged in!
For example if I am already logged in as admin and type in mysite.com/login I should directly be taken to wp-admin. Same decision could be taken for different user privileges like if I am logged in as a subscriber or as a participant then I might land on site's home page.
Inspired from #40762 I have modified the decider so that WordPress can take this decision itself and stop landing logged in users to login page.
Attachments (1)
Change History (11)
This ticket was mentioned in Slack in #core-passwords by rajinsharwar. View the logs.
4 months ago
#5
@
4 months ago
At first glance I tend to agree that if someone is already logged in and attempts to hit the login form that perhaps we route them to the admin dashboard. Presumably if someone wanted to log in as a separate user they would eventually figure out that they need to log out first before being able to log in as a different user?
#6
@
4 months ago
I guess for the second case too @JeffPaul, we can just redirect to the homepage if any logged-in user (non-admin) tries to access the login page. That's what most websites are doing, for example, Facebook.
#7
follow-ups:
↓ 8
↓ 10
@
4 months ago
@rajinsharwar I think there are still non-admin's that should/could be directed to the WP Admin (author, editor, perhaps frankly all default core roles have some actions feasible in the admin).
#8
in reply to:
↑ 7
@
4 months ago
Replying to rajinsharwar:
This does look like a valid enhancement for me. I have also noticed it before, but let's see what others think about it.
Thank you @rajinsharwar.
Replying to JeffPaul:
@rajinsharwar I think there are still non-admin's that should/could be directed to the WP Admin (author, editor, perhaps frankly all default core roles have some actions feasible in the admin).
I agree with @JeffPaul. WordPress restricts different accesses based on the role of the user logging in / already logged in. And to log in as a different user, one can always log out and log back in!
If typing in the login URL even in logged in state brings up the login form and WordPress cannot decide where to go, I feel this is not ideal!
Moreover, if I type in site.com/wp-admin, it will directly take me to the dashboard based on the user already logged in.
So I don't see any logic behind landing me on login page when site.com/login is requested. Rather, in my opinion, here also the user should be taken to the dashboard directly with necessary restrictions applied.
#10
in reply to:
↑ 7
@
4 months ago
Replying to JeffPaul:
@rajinsharwar I think there are still non-admin's that should/could be directed to the WP Admin (author, editor, perhaps frankly all default core roles have some actions feasible in the admin).
Agree. But, the reason I wanted to redirect to the homepage for any non-admin users is, sometimes Administrators don't want their end users to access their admin dashboards. They might just want to keep them on their very front-end profile page. So, I suggested for the non-admins to be redirected to the homepage, and the admins to be redirected to the admin dashboard. What do you think?
This does look like a valid enhancement for me. I have also noticed it before, but let's see what others think about it.