Poor UX when trying to open multiple GitLab links in new tabs when signed out

Everyone can contribute. Help move this issue forward while earning points, leveling up and collecting rewards.

Summary

I go on vacation for a week. I come back. I read our Slack channel backlog and middle-click on all the merge request links to our on-premises GitLab CE installation to review them.

I then discover that my login session expired and I need to sign in to GitLab. I do so in the first new tab and I see the page I wanted. I switch to the 2nd tab and see the sign in form again, with the password heplfully pre-filled by my browser. I click the submit button, but this time, instead of the page I tried to see, I get a 422 error page.

I can try going back and forwards in history, but that only leads me to the GitLab front page (if I go back) or to the 422 error page (after confirming repeated form submission; if I go forward). I cannot get or even see the original URL of the multiple pages that I tried to open. I have to trawl the entire Slack channel backlog again and select all the links again. This is annoying and leads to cursing and bad publicity on Twitter.

Steps to reproduce

  1. Sign out (or open an incognito window)
  2. Open at least two GitLab links in new tabs
  3. Sign in in the first tab
  4. Sign in in the second tab

Expected behavior

I can see both pages I opened in the two tabs

Actual behavior

The 2nd tab shows a 422 Error.

Relevant logs and/or screenshots

/var/log/gitlab/gitlab-rails/production.log says

Started POST "/users/sign_in" for <my-IP-address> at 2016-12-30 07:06:38 +0000
Processing by SessionsController#create as HTML
  Parameters: {"utf8"=>"✓", "authenticity_token"=>"+/3WuwjwYaaMmBKs91S0weCy3OuBXuGuLYkwSfnnVqAKVOSo9xSZ5QfKCamhbpmsFjh/H00Uq7mAj3pxlysi6w==", "user"=>{"login"=>myusername", "password"=>"[FILTERED]", "remember_me"=>"0"}}
Can't verify CSRF token authenticity
Completed 422 Unprocessable Entity in 6ms (ActiveRecord: 0.7ms)

ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken):
  lib/gitlab/middleware/multipart.rb:93:in `call'
  lib/gitlab/request_profiler/middleware.rb:15:in `call'
  lib/gitlab/middleware/go.rb:16:in `call'

Here's a screenshot:

Ekrano_nuotrauka_iš_2016-12-30_09-05-02

Output of checks

Results of GitLab application Check

$ sudo gitlab-rake gitlab:check SANITIZE=true
Checking GitLab Shell ...

GitLab Shell version >= 4.1.1 ? ... OK (4.1.1)
Repo base directory exists?
default... yes
Repo storage directories are symlinks?
default... no
Repo paths owned by git:git?
default... yes
Repo paths access is drwxrws---?
default... yes
hooks directories in repos are links: ... 
6/1 ... ok
6/2 ... ok
6/4 ... ok
6/5 ... ok
6/6 ... ok
6/7 ... ok
6/8 ... ok
6/9 ... ok
6/10 ... ok
6/11 ... ok
23/12 ... ok
Running /opt/gitlab/embedded/service/gitlab-shell/bin/check
Check GitLab API access: OK
Access to /var/opt/gitlab/.ssh/authorized_keys: OK
Send ping to redis server: OK
gitlab-shell self-check successful

Checking GitLab Shell ... Finished

Checking Sidekiq ...

Running? ... yes
Number of Sidekiq processes ... 1

Checking Sidekiq ... Finished

Checking Reply by email ...

Reply by email is disabled in config/gitlab.yml

Checking Reply by email ... Finished

Checking LDAP ...

LDAP is disabled in config/gitlab.yml

Checking LDAP ... Finished

Checking GitLab ...

Git configured with autocrlf=input? ... yes
Database config exists? ... yes
All migrations up? ... yes
Database contains orphaned GroupMembers? ... no
GitLab config exists? ... yes
GitLab config outdated? ... no
Log directory writable? ... yes
Tmp directory writable? ... yes
Uploads directory setup correctly? ... yes
Init script exists? ... skipped (omnibus-gitlab has no init script)
Init script up-to-date? ... skipped (omnibus-gitlab has no init script)
projects have namespace: ... 
6/1 ... yes
6/2 ... yes
6/4 ... yes
6/5 ... yes
6/6 ... yes
6/7 ... yes
6/8 ... yes
6/9 ... yes
6/10 ... yes
6/11 ... yes
23/12 ... yes
Redis version >= 2.8.0? ... yes
Ruby version >= 2.1.0 ? ... yes (2.3.3)
Your git bin path is "/opt/gitlab/embedded/bin/git"
Git version >= 2.7.3 ? ... yes (2.8.4)
Active users: 15

Checking GitLab ... Finished

Results of GitLab environment info

$ sudo gitlab-rake gitlab:env:info

System information
System:		Debian 8.6
Current User:	git
Using RVM:	no
Ruby Version:	2.3.3p222
Gem Version:	2.6.6
Bundler Version:1.13.7
Rake Version:	10.5.0
Sidekiq Version:4.2.7

GitLab information
Version:	8.15.2
Revision:	790035f
Directory:	/opt/gitlab/embedded/service/gitlab-rails
DB Adapter:	postgresql
URL:		https://bolagsfakta-gitlab.pov.lt
HTTP Clone URL:	https://bolagsfakta-gitlab.pov.lt/some-group/some-project.git
SSH Clone URL:	git@bolagsfakta-gitlab.pov.lt:some-group/some-project.git
Using LDAP:	no
Using Omniauth:	no

GitLab Shell
Version:	4.1.1
Repository storage paths:
- default: 	/var/opt/gitlab/git-data/repositories
Hooks:		/opt/gitlab/embedded/service/gitlab-shell/hooks/
Git:		/opt/gitlab/embedded/bin/git
Edited by 🤖 GitLab Bot 🤖