Closed Bug 976949 Opened 10 years ago Closed 10 years ago

about:accounts?action=signin does not indicate if someone is already logged in.

Categories

(Cloud Services :: Server: Firefox Accounts, defect)

Product:
Cloud Services
Component:
Server: Firefox Accounts
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED WORKSFORME

People

(Reporter: markh, Assigned: markh)

References

Details

Attachments

(1 file, 1 obsolete file)

manage-screen.png
536.68 KB, image/png
Details 
The URL https://accounts.firefox.com/signin?service=sync&context=fx_desktop_v1, as loaded by about:accounts?action=signin, is used as a "signin" page.

I believe that until recently, this page correctly detected the login state and instead of the signin form displayed "You are signed in as email@address.com", but it no longer does this.  Note that it *does* change to this state if you log in from this page, but doesn't when it is refreshed.

An impact of this will be that if a tab is open and refreshed when the user is logged in (eg, if the tab is restored by session restore), the user may believe they are not logged in.  They may then log in again even though a user is already logged in.  As this will not cause a logout flow, this could cause problems.

STR:

* Log into an FxA account and verify the Preferences panel etc indicate you are logged in.
* Open a new tab to "about:accounts?action=signin"
* The tab offers to log you in - it should reflect you are already logged in.
FTR, I've verified that about:accounts?action=signin does request a session status from FxA, which does report a logged-in user - it just seems to ignore this.
I can't reproduce. I see the "Manage" screen (attached) after opening a tab with "about:accounts?action=signin" after logging in.
Attached image manage-screen.png (obsolete) — 

    
    

    
  

      
      
      
      

        Attached image
          
        manage-screen.png
      

    


  

        Attachment #8383342 -
        Attachment is obsolete: true

    
    

    
  
(In reply to Chris Karlof [:ckarlof] from comment #2)
> I can't reproduce. I see the "Manage" screen (attached) after opening a tab
> with "about:accounts?action=signin" after logging in.

FWIW, this is what I would expect it would do.

    
    

    
  
lol, crap. nm I did signin=true.

    
    

    
  
I can reproduce. I propose that in aboutaccounts.js, if action=signin or action=signup and we have a logged in user, it should show the manage screen.

More broadly, it raises the issue that after user has finished interacting with an about:accounts page, particularly one with query params, it's suspect to leave it hanging around the browser. E.g., for the action=reauth case, the user could keep loading that page and keep getting the login prompt. It would probably make sense to redirect to about:accounts after anything has completed would when then show the manage page after the user logged in.

    
    

    
  
(In reply to Chris Karlof [:ckarlof] from comment #7)
> I can reproduce. I propose that in aboutaccounts.js, if action=signin or
> action=signup and we have a logged in user, it should show the manage screen.

I think that would cause a UX regression - the user would then never see the "You are now signed in" or the "we sent a verification mail" status panels.

> More broadly, it raises the issue that after user has finished interacting
> with an about:accounts page, particularly one with query params, it's
> suspect to leave it hanging around the browser. E.g., for the action=reauth
> case, the user could keep loading that page and keep getting the login
> prompt.

Agree with that in general, but...

> It would probably make sense to redirect to about:accounts after
> anything has completed would when then show the manage page after the user
> logged in.

As above, I think that breaks what UX designed.

    
    

    
  
John, what should happen in this case?

    
    

    
  
(In reply to Mark Hammond [:markh] from comment #8)
> (In reply to Chris Karlof [:ckarlof] from comment #7)
> > I can reproduce. I propose that in aboutaccounts.js, if action=signin or
> > action=signup and we have a logged in user, it should show the manage screen.
> 
> I think that would cause a UX regression - the user would then never see the
> "You are now signed in" or the "we sent a verification mail" status panels.

What do you mean by "never see"? My proposal is that this would only happen if the user visited or reloaded about:accounts?... *after* signing in. If the user signed in and needed verification, then she would see the "we sent a verification mail" page. If she then decided to reload that screen, this approach would then show her the "Manage" page, but I don't think that's terrible.

    
    

    
  
I think this bug will be covered by the work that falls out of Bug 956605. E.g., this case is covered by the state machine I propose here: https://bugzilla.mozilla.org/show_bug.cgi?id=956605#c23
Depends on: 956605
Assignee: nobody → mhammond

    
    

    
  
Just verified this was fixed by bug 956605
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → WORKSFORME

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: