POST request fails if user not authenticated

I've just lost a large post to 2117, because of the above bug! (Pressing back caused the page to be reloaded because of the [sodding] uncachability---and hence lose the post that wasn't able to be submitted).

This is a bug that I've experienced *enough times* in my first 24 hours of trying to use Malone that I'm wondering if I can really be bothered to waste time writing details if there is a 33% of losing them.

Yes, this is 10x more annoying that not being able to post a bug-report in the first place.

It's interesting that I never encountered an uncacheability problem with a Malone bug page, though. I suspect this bug is a dupe, but I need to find it.

Of the two parts, it's very easy to verify the first part. By going to:

  https://launchpad.net/products/malone/+filebug

and then deleting the launchpad.net authenication cookie in your web-browser. Submitting the page now results in the message about an Unauthenicated User.

For part two, the other possibility is that the text is/was disappearing behind the ''Add a comment to this bug'' drop down. Some javascript would probably solve this by expanding the drop-down if the contents are found to be != "".

Authentication is now (very) persistant, so this bug should rarely bite people now.

I think this is pretty much fixed now I think :)

Not as important now, because it occurs only if you clear your cookies. But it's still a problem that (for example) Bugzilla has solved.

<m-c> Getting an "Application error." when trying to reset user password, on Launchpad.
<andrea-bs> m-c: do you get an OOPS?
<m-c> andrea-bs: The complete error is, "Application error. Unauthenticated user POSTing to page that requires authentication."
<m-c> This is immediately after completing the "Reset password" form.
<andrea-bs> m-c: this seems a browser problem, not a launchpad issue
<andrea-bs> m-c: which web browser are you using?
<m-c> Are there third-party cookies that I need to allow? I am using Firefox 3 (default with Ubuntu 8.04.1).
<andrea-bs> m-c: I've tried to reset my password wit FF3 and I get no error, can you tell me which is the exact page where you get the error, please?
<m-c> Let me try it again. The page I was repeatedly getting errors, previously was: " https://edge.launchpad.net/token/qrZdBgTtSm332KLBmD6B/+resetpassword "
<andrea-bs> m-c: this seems bug #2115, can you confirm this?
<ubottu> Launchpad bug 2115 in launchpad "POST request fails if user not authenticated (eg. launchpad restarted)" [Low,Confirmed] https://launchpad.net/bugs/2115
<m-c> Just tried it again, with the same results. Going to look at the bug now.
<andrea-bs> m-c: what happens deleting your cookies?
<m-c> I am not real eager to delete all my cookies...
<m-c> But for the sake of Launchpad, I will give it a try!
<andrea-bs> m-c: you can delete just the .launchpad.net cookies if you prefer
<m-c> After removing all cookies, I was able to login, thank you very much!

I ran into this error while working on the launchpadlib trusted client. I'm sniffing this string to provide a good user experience. My code would be more robust if this error was accompanied by a 401 response code ("Unauthorized") instead of 500 ("Internal Server Error").

I've tweaked the description because it was inaccurate (we restart LP very often - the session database is persistent). That said, while I can imagine possible improvements here, dealing with anonymous POST is really very tricky, and I think we're better off not doing that on the server side: better for client browsers to let users retry (which they do) - and the user to just log in in another tab and hit the retry button on their browser.

If we OOPS when this happens, we can and should fix that.