What if someone has to login again after a POST? #5
Description
So consider this scenario:
- Someone logins in via TFA
- Someone fills in a form that will submit over POST to x.php
- Their TFA session expires
- They submit the form.
- They are redirected to the TFA login.php script.
As it is currently, I think all the form fields get lost. It would be nice to preserve them and submit them to the target script after they login again.
What are your thoughts on the challenges of doing this?
I think we might have to try to rewrite to the login script in nginx rather than redirecting, which might require some changes to the current nginx.conf instructions, and for the login script in this case, have a separate "thank you for logging in" screen that fixes the referrer back to the original and submits the data via Javascript.