Make WordPress Core

Opened 7 years ago

Last modified 2 months ago

#40768 new enhancement

site.com/login should not redirect to login page when user is already logged in

Reported by: subrataemfluence's profile subrataemfluence Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version:
Component: Login and Registration Keywords: has-patch needs-dev-note
Focuses: Cc:

Description (last modified by SergeyBiryukov)

When I am already logged in I should not be redirected to Login page if I type in mysite.com/login. Rather WordPress should be able to decide which page I should be on in this situation.

Being redirected to Login page even when I am already logged in must be treated as a bug. The reason is I am being able to login as a different user by going to login page directly when I am already logged in!

For example if I am already logged in as admin and type in mysite.com/login I should directly be taken to wp-admin. Same decision could be taken for different user privileges like if I am logged in as a subscriber or as a participant then I might land on site's home page.

Inspired from #40762 I have modified the decider so that WordPress can take this decision itself and stop landing logged in users to login page.

Attachments (1)

40768.diff (341 bytes) - added by subrataemfluence 7 years ago.

Download all attachments as: .zip

Change History (12)

#1 @subrataemfluence
7 years ago

  • Keywords has-patch added

#2 @rajinsharwar
10 months ago

  • Keywords needs-dev-note added
  • Version 4.7.4 deleted

#3 @rajinsharwar
10 months ago

  • Type changed from defect (bug) to enhancement

This does look like a valid enhancement for me. I have also noticed it before, but let's see what others think about it.

This ticket was mentioned in Slack in #core-passwords by rajinsharwar. View the logs.


10 months ago

#5 @JeffPaul
10 months ago

At first glance I tend to agree that if someone is already logged in and attempts to hit the login form that perhaps we route them to the admin dashboard. Presumably if someone wanted to log in as a separate user they would eventually figure out that they need to log out first before being able to log in as a different user?

#6 @rajinsharwar
10 months ago

I guess for the second case too @JeffPaul, we can just redirect to the homepage if any logged-in user (non-admin) tries to access the login page. That's what most websites are doing, for example, Facebook.

#7 follow-ups: @JeffPaul
10 months ago

@rajinsharwar I think there are still non-admin's that should/could be directed to the WP Admin (author, editor, perhaps frankly all default core roles have some actions feasible in the admin).

#8 in reply to: ↑ 7 @subrataemfluence
10 months ago

Replying to rajinsharwar:

This does look like a valid enhancement for me. I have also noticed it before, but let's see what others think about it.

Thank you @rajinsharwar.

Replying to JeffPaul:

@rajinsharwar I think there are still non-admin's that should/could be directed to the WP Admin (author, editor, perhaps frankly all default core roles have some actions feasible in the admin).

I agree with @JeffPaul. WordPress restricts different accesses based on the role of the user logging in / already logged in. And to log in as a different user, one can always log out and log back in!

If typing in the login URL even in logged in state brings up the login form and WordPress cannot decide where to go, I feel this is not ideal!

Moreover, if I type in site.com/wp-admin, it will directly take me to the dashboard based on the user already logged in.

So I don't see any logic behind landing me on login page when site.com/login is requested. Rather, in my opinion, here also the user should be taken to the dashboard directly with necessary restrictions applied.

#9 @SergeyBiryukov
10 months ago

  • Description modified (diff)

Related: #14949, #47088.

#10 in reply to: ↑ 7 @rajinsharwar
10 months ago

Replying to JeffPaul:

@rajinsharwar I think there are still non-admin's that should/could be directed to the WP Admin (author, editor, perhaps frankly all default core roles have some actions feasible in the admin).

Agree. But, the reason I wanted to redirect to the homepage for any non-admin users is, sometimes Administrators don't want their end users to access their admin dashboards. They might just want to keep them on their very front-end profile page. So, I suggested for the non-admins to be redirected to the homepage, and the admins to be redirected to the admin dashboard. What do you think?

#11 @rajinsharwar
2 months ago

Hi @subrataemfluence @JeffPaul, let's continue the discussion on #14949

Note: See TracTickets for help on using tickets.