Too many redirects when privacy consent expired and MFA enabled #42783
Comments
Confirmed.
You won't be able to "log out" a user unless you use the session metadata tracking option. You can simply disable MFA. There are also a few simple workarounds for a quick fix, but it's a bummer. The problem is serious for the end user in fact.
Particularly serious when the User doesn’t have admin access. Similar to reported issues around password resets with MFA enabled?
No way without an admin. There are many options with access to the database. By the way, this applies to all new consents (not only expired ones).
Understood. Other than disabling/not using MFA, what’s the best workaround, pending a core update/bugfix? Many thanks 👍
I have the same or a similar problem on Joomla 4.4.3. If you agree, please add that this bug also affects J4 and not only J5. This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/42783.
I've created a PR #44522 to fix this. Please test it. Since we have a PR for this, I'm closing this issue.
Steps to reproduce the issue
Login to frontend when privacy consent expired and MFA enabled on the account.
Expected result
User profile page opens (to accept/renew privacy consent).
Actual result
"Too many redirects" occurs. Website unusable by user as actually logged in.
System information (as much as possible)
Joomla 5.0.2 (b/c plugin enabled)
PHP 8.2.9
MariaDB 10.6.15-live
Additional comments
Redirect loop occurs when privacy consent expired and MFA enabled. Logging in to frontend should go to User Profile page to accept privacy consent but redirect loop occurs. User is actually logged in but can't do anything due to redirect loop/expired privacy consent.
Workaround: Log in to Admin and log out the logged-in user, disable the account's MFA in Admin, log in to frontend, accept privacy consent, log out of frontend, reset MFA on the account in Admin.
Hope this helps
John V