OK, I think this is the most suitable workaround for this case.
Thank you very much.
On Wednesday, July 9, 2014 4:01:37 AM UTC+10, bugoy wrote:
>
> Good point, though you can set the proper redirect in the function login()
> in UserController, what is destroyed in logout for Session is Auth. You may
> set a separate Session or Cookie for last logged user and check if same
> with the current user the redirect Auth->redirect else redirect anywhere
> else.
>
>
> On Sat, Jul 5, 2014 at 10:31 PM, Gagik Navasardyan <gag...@gmail.com
> <javascript:>> wrote:
>
>> Yes I'm sure that the Auth->logout action is being called, and the old
>> session is certainly being destroyed too, before the new session is created.
>>
>> - I tried to rewrite the 'Auth.redirect' property before the Auth->logout
>> action call, it have no effect because session is being destroyed.
>> - I tried to rewrite that property after the Auth->logout call, of course
>> it have no effect either, because as I understand after the Auth->logout
>> call the script terminates (by calling return).
>>
>> I made a little research and found the following code in <path to
>> CakePHP>/lib/Cake/Controller/Component/AuthComponent.php (protected
>> function _unauthenticated)
>>
>>
>> if ($this->_isLoginAction($controller)) {
>> if (empty($controller->request->data)) {
>> if (!$this->Session->check('Auth.redirect') &&
>> env('HTTP_REFERER')) {
>> $this->Session->write('Auth.redirect',
>> $controller->referer(null, true));
>> }
>> }
>> return true;
>> }
>>
>> It seems to me that this code is responsible for users login, as we can
>> understand from code:
>> - if user doesn't have the 'Auth.redirect' property set, means this is a
>> new(not logged in) user who needs to login in order to view restricted
>> content(for example after search) or user whom session is expired, then
>> CakePHP redirects the user on the page on which he was before. And this is
>> really a good idea.
>>
>> But as I understand this is creating my problem, because after the
>> Auth->logout action call Session is being destroyed, means there is no
>> 'Auth.redirect' property, so CakePHP setting the 'Auth.redirect' from HTTP
>> referer, and as I said this is good if user is coming from any place and
>> needs to login(again for example from search), or user session is expired,
>> but if user clicks the logout link and logs out he doesn't expect that
>> after loging-in again he will return on the page on which he was before, he
>> must be redirected not to the HTTP referer page, but the 'loginRedirect'
>> page.
>>
>>
>>
>> On Tuesday, 1 July 2014 13:14:48 UTC+10, Jeremy Burns wrote:
>>
>>> Are you certain the Auth->logout action is being called? Is the session
>>> clear (destroyed) after logout?
>>>
>>> On 28 Jun 2014, at 12:54, Gagik Navasardyan <gag...@gmail.com> wrote:
>>>
>>> Hi everyone.
>>>
>>> I have one question.
>>>
>>> I'm working on an application which is working in local network and
>>> acting as POS(Point of Sale). As you understand it's based on CakePHP
>>> framework.
>>> Now I'm encountering a strange behaviour, and I don't know is it a bug
>>> or not, so I've decided to ask you a question here.
>>>
>>> - I'm using CakePHP 2.4.2 and the built-in AuthComponent for
>>> authentication
>>>
>>> - *The thing is,* after user logs out and another user logs in (using
>>> the same computer and browser), he is being redirected to the page on which
>>> the previous user was when logged out. Instead of being redirected to the
>>> URL defined in 'loginRedirect'
>>>
>>> - In this application I'm using role based user permissions system, and
>>> the most of time system throwing permission error, because newly logged in
>>> user doesn't have permission to view the page on which previous user was
>>> when logged out.
>>>
>>> This behaviour is very strange to me, because as I know the logout
>>> function is destroying session, but it seems keeping the last visited URL
>>> of the previous user in the 'Auth.redirect' property in the new session.
>>> This seems a little bit strange to me, because I'm expecting this kind
>>> of redirect in a few cases like:
>>> - If user session expired and user have to login again.
>>> - user trying to access to a page which is requiring authentication.
>>>
>>> I analised the code and clearly the problem is in the framework core,
>>> and there is no way to rewrite the 'Auth.redirect' property either before
>>> or after the 'logout' function call (in any case the session being
>>> destroyed and as I understand CakePHP taking and writing the last visited
>>> page URL to the new session from HTTP REFERER).
>>>
>>>
>>> So question:
>>> Is this a Normal behaviour, and there are some reason why this must be
>>> this way, or this is a bug?
>>>
>>> --
>>> Like Us on FaceBook https://www.facebook.com/CakePHP
>>> Find us on Twitter http://twitter.com/CakePHP
>>>
>>> ---
>>> You received this message because you are subscribed to the Google
>>> Groups "CakePHP" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to cake-php+u...@googlegroups.com.
>>> To post to this group, send email to cake...@googlegroups.com.
>>>
>>> Visit this group at http://groups.google.com/group/cake-php.
>>> For more options, visit https://groups.google.com/d/optout.
>>>
>>>
>>> --
>> Like Us on FaceBook https://www.facebook.com/CakePHP
>> Find us on Twitter http://twitter.com/CakePHP
>>
>> ---
>> You received this message because you are subscribed to the Google Groups
>> "CakePHP" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to cake-php+u...@googlegroups.com <javascript:>.
>> To post to this group, send email to cake...@googlegroups.com
>> <javascript:>.
>> Visit this group at http://groups.google.com/group/cake-php.
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>
--
Like Us on FaceBook https://www.facebook.com/CakePHP
Find us on Twitter http://twitter.com/CakePHP
---
You received this message because you are subscribed to the Google Groups
"CakePHP" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to cake-php+unsubscr...@googlegroups.com.
To post to this group, send email to cake-php@googlegroups.com.
Visit this group at http://groups.google.com/group/cake-php.
For more options, visit https://groups.google.com/d/optout.
