http status 404 when session expires #4890

Closed
opened 2025-11-02 06:06:18 -06:00 by GiteaMirror · 4 comments
Owner

Originally created by @chmike on GitHub (Feb 19, 2020).

  • Gitea version (or commit ref): 1.11.1
  • Git version: 2.1.4
  • Operating system: Linux (Ubuntu)
  • Database (use [x]):
    • PostgreSQL
    • MySQL
    • MSSQL
    • SQLite
  • Can you reproduce the bug at https://try.gitea.io:
    • Yes (provide example URL)
    • No
    • Not relevant
  • Log gist:

Description

When a session expires and the page is reloaded, we get an http status 404. Multiple clicks are then required after the login form to get back to the page I just wanted to access/reload.

Instead of the 404 error page, I would expect to see a page with a login form, and that, after I login, I land on the page I wanted to access/reload.

Originally created by @chmike on GitHub (Feb 19, 2020). - Gitea version (or commit ref): 1.11.1 - Git version: 2.1.4 - Operating system: Linux (Ubuntu) - Database (use `[x]`): - [ ] PostgreSQL - [ ] MySQL - [ ] MSSQL - [x] SQLite - Can you reproduce the bug at https://try.gitea.io: - [ ] Yes (provide example URL) - [ ] No - [x] Not relevant - Log gist: ## Description When a session expires and the page is reloaded, we get an http status 404. Multiple clicks are then required after the login form to get back to the page I just wanted to access/reload. Instead of the 404 error page, I would expect to see a page with a login form, and that, after I login, I land on the page I wanted to access/reload.
Author
Owner

@zeripath commented on GitHub (Feb 19, 2020):

Because we do not want to expose information that private repos exist we have to return 404 if you try to look at them and you don't have access.

What we should do however is make it easy to login from the 404 page.

@zeripath commented on GitHub (Feb 19, 2020): Because we do not want to expose information that private repos exist we have to return 404 if you try to look at them and you don't have access. What we should do however is make it easy to login from the 404 page.
Author
Owner

@chmike commented on GitHub (Feb 19, 2020):

How would you expose information that private repos exist ?

@chmike commented on GitHub (Feb 19, 2020): How would you expose information that private repos exist ?
Author
Owner

@zeripath commented on GitHub (Feb 19, 2020):

If you return 404 only when something does not exist and 403 or redirect to login when it does but you are logged out then you're exposing the existence of that repo etc.

@zeripath commented on GitHub (Feb 19, 2020): If you return 404 only when something does not exist and 403 or redirect to login when it does but you are logged out then you're exposing the existence of that repo etc.
Author
Owner

@chmike commented on GitHub (Feb 19, 2020):

I understand now why the 404 page is shown, even though it is inconvenient.

@chmike commented on GitHub (Feb 19, 2020): I understand now why the 404 page is shown, even though it is inconvenient.
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/gitea#4890