Details
-
Type:
Bug
-
Status: Closed
-
Priority:
Minor
-
Resolution: Fixed
-
Affects Version/s: 3.3.5, 3.4
-
Component/s: Authentication
-
Labels:
Description
The pre-signup (minor check) session is not deleted upon user sign up. The session being still present means the user can bypass the minor check (if activated) when attempting to create another account.
Steps to replicate:
- As admin:
- enable 'Digital age of consent verification' (Site administration > Privacy Settings).
- set 'Self registration' = 'Email-based self-registration' (Site administration > Plugins > Authentication > Manage authentication).
- Logout as Admin.
- In "Home" page follow the "Log in" link.
- In the Login page click on "Create new account".
- The 'Age and location verification' page should be displayed; fill out the form and make sure you the user is not a digital minor:
- 'What is your age?' = 30
- 'In which country do you live?' = Austria
- Click "Proceed"
- The signup page should be displayed; fill out the form and press "Create my new account".
- After creation go back to "Home" page; follow the "Log in" link.
- In the Login page click on "Create new account".
- you are directed to the 'Signup' page instead of 'Age and location verification' page.
Attachments
Issue Links
- has a non-specific relationship to
-
MDL-63677 Random redirection during policy agreement and signup
-
- Closed
-