OK, I think this is the most suitable workaround for this case. Thank you very much.
On Wednesday, July 9, 2014 4:01:37 AM UTC+10, bugoy wrote: > > Good point, though you can set the proper redirect in the function login() > in UserController, what is destroyed in logout for Session is Auth. You may > set a separate Session or Cookie for last logged user and check if same > with the current user the redirect Auth->redirect else redirect anywhere > else. > > > On Sat, Jul 5, 2014 at 10:31 PM, Gagik Navasardyan <gag...@gmail.com > <javascript:>> wrote: > >> Yes I'm sure that the Auth->logout action is being called, and the old >> session is certainly being destroyed too, before the new session is created. >> >> - I tried to rewrite the 'Auth.redirect' property before the Auth->logout >> action call, it have no effect because session is being destroyed. >> - I tried to rewrite that property after the Auth->logout call, of course >> it have no effect either, because as I understand after the Auth->logout >> call the script terminates (by calling return). >> >> I made a little research and found the following code in <path to >> CakePHP>/lib/Cake/Controller/Component/AuthComponent.php (protected >> function _unauthenticated) >> >> >> if ($this->_isLoginAction($controller)) { >> if (empty($controller->request->data)) { >> if (!$this->Session->check('Auth.redirect') && >> env('HTTP_REFERER')) { >> $this->Session->write('Auth.redirect', >> $controller->referer(null, true)); >> } >> } >> return true; >> } >> >> It seems to me that this code is responsible for users login, as we can >> understand from code: >> - if user doesn't have the 'Auth.redirect' property set, means this is a >> new(not logged in) user who needs to login in order to view restricted >> content(for example after search) or user whom session is expired, then >> CakePHP redirects the user on the page on which he was before. And this is >> really a good idea. >> >> But as I understand this is creating my problem, because after the >> Auth->logout action call Session is being destroyed, means there is no >> 'Auth.redirect' property, so CakePHP setting the 'Auth.redirect' from HTTP >> referer, and as I said this is good if user is coming from any place and >> needs to login(again for example from search), or user session is expired, >> but if user clicks the logout link and logs out he doesn't expect that >> after loging-in again he will return on the page on which he was before, he >> must be redirected not to the HTTP referer page, but the 'loginRedirect' >> page. >> >> >> >> On Tuesday, 1 July 2014 13:14:48 UTC+10, Jeremy Burns wrote: >> >>> Are you certain the Auth->logout action is being called? Is the session >>> clear (destroyed) after logout? >>> >>> On 28 Jun 2014, at 12:54, Gagik Navasardyan <gag...@gmail.com> wrote: >>> >>> Hi everyone. >>> >>> I have one question. >>> >>> I'm working on an application which is working in local network and >>> acting as POS(Point of Sale). As you understand it's based on CakePHP >>> framework. >>> Now I'm encountering a strange behaviour, and I don't know is it a bug >>> or not, so I've decided to ask you a question here. >>> >>> - I'm using CakePHP 2.4.2 and the built-in AuthComponent for >>> authentication >>> >>> - *The thing is,* after user logs out and another user logs in (using >>> the same computer and browser), he is being redirected to the page on which >>> the previous user was when logged out. Instead of being redirected to the >>> URL defined in 'loginRedirect' >>> >>> - In this application I'm using role based user permissions system, and >>> the most of time system throwing permission error, because newly logged in >>> user doesn't have permission to view the page on which previous user was >>> when logged out. >>> >>> This behaviour is very strange to me, because as I know the logout >>> function is destroying session, but it seems keeping the last visited URL >>> of the previous user in the 'Auth.redirect' property in the new session. >>> This seems a little bit strange to me, because I'm expecting this kind >>> of redirect in a few cases like: >>> - If user session expired and user have to login again. >>> - user trying to access to a page which is requiring authentication. >>> >>> I analised the code and clearly the problem is in the framework core, >>> and there is no way to rewrite the 'Auth.redirect' property either before >>> or after the 'logout' function call (in any case the session being >>> destroyed and as I understand CakePHP taking and writing the last visited >>> page URL to the new session from HTTP REFERER). >>> >>> >>> So question: >>> Is this a Normal behaviour, and there are some reason why this must be >>> this way, or this is a bug? >>> >>> -- >>> Like Us on FaceBook https://www.facebook.com/CakePHP >>> Find us on Twitter http://twitter.com/CakePHP >>> >>> --- >>> You received this message because you are subscribed to the Google >>> Groups "CakePHP" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to cake-php+u...@googlegroups.com. >>> To post to this group, send email to cake...@googlegroups.com. >>> >>> Visit this group at http://groups.google.com/group/cake-php. >>> For more options, visit https://groups.google.com/d/optout. >>> >>> >>> -- >> Like Us on FaceBook https://www.facebook.com/CakePHP >> Find us on Twitter http://twitter.com/CakePHP >> >> --- >> You received this message because you are subscribed to the Google Groups >> "CakePHP" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to cake-php+u...@googlegroups.com <javascript:>. >> To post to this group, send email to cake...@googlegroups.com >> <javascript:>. >> Visit this group at http://groups.google.com/group/cake-php. >> For more options, visit https://groups.google.com/d/optout. >> > > -- Like Us on FaceBook https://www.facebook.com/CakePHP Find us on Twitter http://twitter.com/CakePHP --- You received this message because you are subscribed to the Google Groups "CakePHP" group. To unsubscribe from this group and stop receiving emails from it, send an email to cake-php+unsubscr...@googlegroups.com. To post to this group, send email to cake-php@googlegroups.com. Visit this group at http://groups.google.com/group/cake-php. For more options, visit https://groups.google.com/d/optout.