View Issue Details

ID: 0010543
Project: Taler
Category: libeufin-bank-ui (SPA)
View Status: public
Last Update: 2025-11-06 01:29
Reporter: avalos
Assigned To: sebasjm
Priority: normal
Severity: minor
Reproducibility: have not tried
Status: resolved
Resolution: fixed
Product Version: git (master)
Target Version: 1.2
Fixed in Version: 1.2
Summary: 0010543: expired session makes confirming withdrawal impossible
Description: Something is going awry with expired sessions.
Steps To Reproduce:
1. Go to https://bank.demo.taler.net/ (with an expired session)
2. A login form with the username pre-filled and a "Check" button will appear,
    but don't log in because you forgot the password, instead...
3. Create a new account and...
4. Log in with the new account.
5. Do a withdrawal to the wallet.
6. Open the link in the wallet and confirm.
7. In the SPA, instead of a confirmation button, a login form with a warning "This operation was created with another username", the previous username pre-filled, and a "Check" button will appear.
8. Enter a password or click "Cancel," and it will take you back to the login screen.
9. Rinse and repeat (from step 4)
Tags: No tags attached.
Attached Files
image.png (82,288 bytes)   
image-2.png (60,509 bytes)   

Activities

sebasjm

2025-10-31 13:55

developer   ~0026291

-> check how we are covering the case when the expired session is not the same as the original withdrawal
maybe handling the case saying "login with this username to complete the operation"

avalos

2025-10-31 14:19

developer   ~0026292

No, no, it's as simple as, if you log in with a different account and do a withdrawal, don't ask me to confirm some withdrawal that was made with the expired account.

sebasjm

2025-11-05 16:37

developer   ~0026310

fb5a6ea28..13facb53b

two things were fixed:

1) hitting enter on an input triggered "cancel" instead of "check" which caused the confusion in 'username pre-filled, and a "Check" button will appear'
2) the login form doesn't mention that this browser has an expired session

> don't ask me to confirm some withdrawal that was made with the expired account.

when you click the link on the wallet you are opening a browser that doesn't have the session used to create the withdrawal. in your case it has an expired session so it needs to ask the passwd again since the access token doesn't work anymore.
image-3.png (16,522 bytes)   
image-4.png (35,045 bytes)   

Issue History

Date Modified Username Field Change
2025-10-31 13:51 avalos New Issue
2025-10-31 13:51 avalos File Added: image.png
2025-10-31 13:51 avalos File Added: image-2.png
2025-10-31 13:52 avalos Assigned To => sebasjm
2025-10-31 13:52 avalos Status new => assigned
2025-10-31 13:55 sebasjm Note Added: 0026291
2025-10-31 14:19 avalos Note Added: 0026292
2025-11-05 16:37 sebasjm Note Added: 0026310
2025-11-05 16:37 sebasjm File Added: image-3.png
2025-11-05 16:37 sebasjm File Added: image-4.png
2025-11-05 16:37 sebasjm Status assigned => resolved
2025-11-05 16:37 sebasjm Resolution open => fixed
2025-11-06 01:29 Christian Grothoff Product Version => git (master)
2025-11-06 01:29 Christian Grothoff Fixed in Version => 1.2
2025-11-06 01:29 Christian Grothoff Target Version => 1.2