[wp-trac] [WordPress Trac] #25921: User has to log in twice if redirect_to URL has other scheme than login URL
WordPress Trac
noreply at wordpress.org
Tue Nov 12 00:41:16 UTC 2013
#25921: User has to log in twice if redirect_to URL has other scheme than login URL
--------------------------+-----------------------------
Reporter: thomaswm | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version: 3.7.1
Severity: normal | Keywords:
--------------------------+-----------------------------
I'm using WordPress Multisite version 3.7.1. Suppose you open the login
page of one of the blogs via the following URL.
https://example.com/wp-login.php?redirect_to=http%3A%2F%2Fexample.com
%2Fwp-admin%2F&reauth=1
After logging in, you will be redirected to the URL specified by the
`redirect_to` URL parameter. But then you are redirected to another (non-
HTTPS) login page where you're asked to login again.
http://example.com/wp-login.php?redirect_to=http%3A%2F%2Fexample.com%2Fwp-
admin%2F&reauth=1
I think in this case WordPress should either redirect the user to the non-
HTTPS login page right away or change the scheme of the `redirect_to` URL
to HTTPS.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/25921>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list