Good point, though you can set the proper redirect in the login() function in UserController; what is destroyed in the Session on logout is Auth. You may set a separate Session or Cookie for the last logged-in user and check if it is the same as the current user, then redirect to Auth->redirect, else redirect anywhere else.

On Sat, Jul 5, 2014 at 10:31 PM, Gagik Navasardyan <gag...@gmail.com> wrote:

> Yes I'm sure that the Auth->logout action is being called, and the old session is certainly being destroyed too, before the new session is created.
>
> - I tried to rewrite the 'Auth.redirect' property before the Auth->logout action call; it has no effect because the session is being destroyed.
> - I tried to rewrite that property after the Auth->logout call; of course it has no effect either, because as I understand after the Auth->logout call the script terminates (by calling return).
>
> I did a little research and found the following code in <path to CakePHP>/lib/Cake/Controller/Component/AuthComponent.php (protected function _unauthenticated):
>
>     if ($this->_isLoginAction($controller)) {
>         if (empty($controller->request->data)) {
>             if (!$this->Session->check('Auth.redirect') && env('HTTP_REFERER')) {
>                 $this->Session->write('Auth.redirect', $controller->referer(null, true));
>             }
>         }
>         return true;
>     }
>
> It seems to me that this code is responsible for user login, as we can understand from the code:
> - if the user doesn't have the 'Auth.redirect' property set, it means this is a new (not logged in) user who needs to log in in order to view restricted content (for example after search) or a user whose session is expired, then CakePHP redirects the user to the page on which he was before. And this is really a good idea.
>
> But as I understand this is creating my problem, because after the Auth->logout action call the Session is being destroyed, which means there is no 'Auth.redirect' property, so CakePHP is setting 'Auth.redirect' from the HTTP referer, and as I said this is good if the user is coming from any place and needs to log in (again for example from search), or the user's session is expired, but if the user clicks the logout link and logs out he doesn't expect that after logging in again he will return to the page on which he was before; he must be redirected not to the HTTP referer page, but to the 'loginRedirect' page.
>
> On Tuesday, 1 July 2014 13:14:48 UTC+10, Jeremy Burns wrote:
>
>> Are you certain the Auth->logout action is being called? Is the session clear (destroyed) after logout?
>>
>> On 28 Jun 2014, at 12:54, Gagik Navasardyan <gag...@gmail.com> wrote:
>>
>> Hi everyone.
>>
>> I have one question.
>>
>> I'm working on an application which is working in a local network and acting as a POS (Point of Sale). As you understand it's based on the CakePHP framework.
>> Now I'm encountering a strange behaviour, and I don't know whether it is a bug or not, so I've decided to ask you a question here.
>>
>> - I'm using CakePHP 2.4.2 and the built-in AuthComponent for authentication
>>
>> - *The thing is,* after a user logs out and another user logs in (using the same computer and browser), he is being redirected to the page on which the previous user was when logged out, instead of being redirected to the URL defined in 'loginRedirect'
>>
>> - In this application I'm using a role based user permissions system, and most of the time the system is throwing a permission error, because the newly logged in user doesn't have permission to view the page on which the previous user was when logged out.
>>
>> This behaviour is very strange to me, because as I know the logout function is destroying the session, but it seems to be keeping the last visited URL of the previous user in the 'Auth.redirect' property in the new session. This seems a little bit strange to me, because I'm expecting this kind of redirect in a few cases like:
>> - If the user's session expired and the user has to log in again.
>> - The user is trying to access a page which requires authentication.
>>
>> I analysed the code and clearly the problem is in the framework core, and there is no way to rewrite the 'Auth.redirect' property either before or after the 'logout' function call (in any case the session is being destroyed and as I understand CakePHP is taking and writing the last visited page URL to the new session from HTTP REFERER).
>>
>> So question:
>> Is this normal behaviour, and is there some reason why this must be this way, or is this a bug?
>>
>> --
>> Like Us on FaceBook https://www.facebook.com/CakePHP
>> Find us on Twitter http://twitter.com/CakePHP
>>
>> ---
>> You received this message because you are subscribed to the Google Groups "CakePHP" group.
>> To unsubscribe from this group and stop receiving emails from it, send an email to cake-php+u...@googlegroups.com.
>> To post to this group, send email to cake...@googlegroups.com.
>>
>> Visit this group at http://groups.google.com/group/cake-php.
>> For more options, visit https://groups.google.com/d/optout.
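
The suggestion in the reply at the top of this thread (remember the last logged-in user and honour 'Auth.redirect' only when the same user returns), sketched as an added example that is not code from the thread or from CakePHP itself. It assumes CakePHP 2.x; the cookie name `last_user_id` and the `sales` redirect target are made up for illustration.

```php
<?php
// Added example, not from the thread: app/Controller/UsersController.php (CakePHP 2.x).
// Assumptions: cookie name "last_user_id" and the "sales" controller are hypothetical.
App::uses('AppController', 'Controller');

class UsersController extends AppController {

    public $components = array(
        'Session',
        'Cookie',
        'Auth' => array(
            'loginRedirect' => array('controller' => 'sales', 'action' => 'index'),
            'logoutRedirect' => array('controller' => 'users', 'action' => 'login'),
        ),
    );

    public function login() {
        if (!$this->request->is('post')) {
            // GET: AuthComponent may already have stored the referer in
            // 'Auth.redirect' at this point; just render the form.
            return;
        }
        if (!$this->Auth->login()) {
            $this->Session->setFlash(__('Invalid username or password.'));
            return;
        }

        $currentId = (string)$this->Auth->user('id');
        $previousId = (string)$this->Cookie->read('last_user_id');

        if ($previousId !== $currentId) {
            // A different user on the shared terminal: discard the URL that
            // was remembered from the previous user's last page.
            $this->Session->delete('Auth.redirect');
        }
        $this->Cookie->write('last_user_id', $currentId);

        // redirectUrl() returns 'Auth.redirect' if it is still set,
        // otherwise the configured loginRedirect.
        return $this->redirect($this->Auth->redirectUrl());
    }

    public function logout() {
        // Destroys the Auth session data and returns logoutRedirect.
        return $this->redirect($this->Auth->logout());
    }
}
```

The cookie only decides whether a remembered URL is honoured; the role-based permission check on the target page still has to run for every user.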