Authentication tokens: session already active - same user
Overview
If a user clicks an authenticated link a second time the result is an error message stating: HTTP 401 Cannot login. Session already active.
Reproduction steps
- Create a FormBuilder form and enable the Token option
- Send a mail using the form token. This link includes "_authx=Bearer..."
- Click the link in the received mail. This should work and create an authenticated session.
- Click the link again - fails with
HTTP 401 Cannot login. Session already active.
Expected behaviour
There are two scenarios depending on whether it is the same user. This bug issue relates to the case where the user is the same. See #4464 (closed) for handling this where the user is different.
If the user is the same, it should just continue to the form without error.
Edited by ayduns