I'm experiencing the same problem. (Update: I figured out a
fix/workaround to this problem, read on.)
More details of what I've found.
I've set my sessions.save to database so I could look at the session
data at different points.
The one thing I've noticed is that AFTER I log out, the session has the
last controller action that I was on stored in Auth.redirect, as in
Auth.redirect = '/permissions'

Even if I add $this->Session->del('Auth.redirect') to my logout
function.

If I then try to log on with a user who does NOT have rights to
/permissions, I get an auth redirect error of you do not have rights to
access that area.

I've added plenty of $this->log() statements to see what functions are
being called in what order. However I can not quite pinpoint the
problem.
......
As I was typing that last sentence I had an idea, and I've figured out
what is happening.
This requires many factors which is why it seems to be so sporadic.

1. $this->Auth->logoutRedirect = array('controller' => 'users', 'action' => 'login');
2. $this->Auth->loginAction = array('controller' => 'users', 'action' => 'login');
For me it only made sense to redirect to the login page after you
logout.
3. You have a link somewhere on your page to call logout. Mine is
currently part of my layout.
4. You click on the logout link while on a controller/action view. I've
been testing with /permissions/index.
My logout looks much like those that have been posted before:
 function logout(){
        $this->Session->del('Permissions');
        $this->redirect($this->Auth->logout());
    }

What happens:
Your users_controller.logout is called and executes normally.
auth.logout is called and executes normally and redirects as
instructed to: /users/login
auth.startup is called and around line 300 the code checks to see if
the url is the login action (I've added a lot of $this->logs so my line
numbers won't match right now).
It will be, and inside that condition a call is made to:
$this->Session->write('Auth.redirect', $controller->referer());
Turns out $controller->referer() happens to be the controller
/permissions/index that we were on when we initiated this whole process
by calling logout.

If I type in the url of my browser
http://localhost/users/logout
the user is logged out normally,
the redirect to the login page is called,
and nothing is saved to the Auth.redirect, as it should be.

Ideas on how to fix this.
As this little chunk of code in the auth startup is to deal with
visiting a page that requires authentication, authenticating and then
returning to the visited page, I would like to keep that
functionality.
My idea is to throw a var in session during logout
and check that during startup. If we are redirecting to login from a
logout, this condition would be true and we could safely skip saving
the redirect in that case.
However, if we are being redirected to login from a failed authorize,
then we would save the redirect, so that after logging in we would be
redirected appropriately.

I've tested this and it works well. However, I don't believe this to be
the best solution for this problem.
You will need to modify your core auth.php. As it is 2am, I will
provide the code here, and add a ticket to trac sometime after I sleep.
Here are the changes I made:
Auth.php
at about line 300 look for this:
if ($loginAction == $url) {
        if (empty($controller->data) || !isset($controller->data[$this->userModel])) {
                if (!$this->Session->check('Auth.redirect') && env('HTTP_REFERER')) {
                        $this->log('302 session.write auth.redirect '.$url);
                        $this->log('Controller->referer()'.$controller->referer());
                        $this->Session->write('Auth.redirect', $controller->referer());
                }
                return false;
        }
-----
Change to:
-----
if ($loginAction == $url) {
        if (empty($controller->data) || !isset($controller->data[$this->userModel])) {
                if (!$this->Session->check('Auth.redirect') && env('HTTP_REFERER')
                        && !$this->Session->check('Auth.loggedout')) {
                        $this->log('302 session.write auth.redirect '.$url);
                        $this->log('Controller->referer()'.$controller->referer());
                        $this->Session->write('Auth.redirect', $controller->referer());
                }
                return false;
        }
-----

Then change the auth logout function to look like:
        function logout() {
                $this->__setDefaults();
                $this->Session->del($this->sessionKey);
                $this->Session->del('Auth.redirect');
                $this->Session->write('Auth.loggedout',true);
                $this->_loggedIn = false;
                return Router::normalize($this->logoutRedirect);
        }


I hope this is helpful to everyone. I've spent a better part of a day
chasing this little bugger.


Ah, now I should be able to sleep,
Catch you all in the morning!
LunarDraco (mdcatc on irc)


On Sep 26, 9:00 am, Tony Thomas <[EMAIL PROTECTED]> wrote:
> This gives me an "unexpected T_VARIABLE" error on the line with
> $this->Auth->autoRedirect = FALSE;
>
> I think the algorithm might be right, but the syntax is wrong.
>
> On Sep 17, 12:20 pm, "Okto Silaban" <[EMAIL PROTECTED]> wrote:
>
> > I'm not really sure, but I think :
> > $this->Auth->loginRedirect
>
> > doesn't tell where we're gonna go after logging in..
>
> > But, if we're accessing an area which is not allowed by Auth, we will be sent to
> > that page.. (if you're not logged in yet..).
>
> > So I set that in beforeFilter :
>
> > function beforeFilter() {
> >   $this->Auth->loginRedirect = array('controller' => 'controller_name', 'action' => 'index');
> >   $this->Auth->autoRedirect = FALSE; // so after logging in we're not auto redirected
> > }
>
> > then manually set
>
> > function login() {
> >     $this->redirect('somewhere');
> >     exit();
>
> > }
> > On Tue, Sep 9, 2008 at 10:12 PM, Tony Thomas <[EMAIL PROTECTED]> wrote:
>
> > > If someone is familiar with a post to this group or blog entry that
> > > addresses this issue, please let me know. I've spent the morning
> > > scouring both with no satisfactory results.
>
> > > I have a cakePHP app on a shared server. In local testing, everything
> > > worked fine. But mod_rewrite did not function properly on the shared
> > > server, so I'm using CakePHP pretty URLS instead. Also caching (at
> > > least temporarily) is off. I've uncommented the pertinent lines of
> > > code in core.php and I've dutifully deleted the .htaccess files.
>
> > > The problem I have is that after logging in, the redirect is
> > > inconsistent. About 2/3 of the time I get redirected to
> > > https://[base_url]/https:/[domain]. I just can't seem to find a way
> > > around this problem.
>
> > > My login function looks like this:
>
> > > function login() {
> > >     $this->Auth->loginRedirect = array('controller' => 'controller_name', 'action' => 'index');
> > > }
>
> > > I still get inconsistent results with the redirect going to a URL like
> > > the former example the majority of the time. Any insight, links, etc.
> > > would be appreciated.
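
The stale Auth.redirect flow described at the top of this message, modelled in plain PHP as an added example (not code from the original post or from CakePHP). The function names, the `$session` array and the `/posts` URL are hypothetical stand-ins, and clearing the `loggedout` flag after one use is an assumption added here; the patch in the message never clears it.

```php
<?php
// Added illustration. onLoginPage() and logout() are hypothetical stand-ins
// for AuthComponent::startup() and AuthComponent::logout().

function onLoginPage(array &$session, ?string $referer, bool $patched): void
{
    // One-shot flag (assumption): consume it so that later visits to the
    // login page in the same session save the referer again.
    $fromLogout = !empty($session['Auth']['loggedout']);
    unset($session['Auth']['loggedout']);

    if (isset($session['Auth']['redirect']) || $referer === null) {
        return;
    }
    if ($patched && $fromLogout) {
        return; // arrived via logout: do not remember the referer
    }
    $session['Auth']['redirect'] = $referer;
}

function logout(array &$session, bool $patched): string
{
    unset($session['Auth']['User'], $session['Auth']['redirect']);
    if ($patched) {
        $session['Auth']['loggedout'] = true;
    }
    return '/users/login'; // logoutRedirect
}

function scenario(bool $patched): array
{
    // Constructed sample: a logged-in user clicks logout on /permissions.
    $session = ['Auth' => ['User' => ['id' => 1]]];
    logout($session, $patched);
    // The browser follows the redirect and still sends Referer: /permissions.
    onLoginPage($session, '/permissions', $patched);
    $inherited = $session['Auth']['redirect'] ?? null; // what the next login gets

    // Later in the same session: a link on /posts leads to the login page.
    unset($session['Auth']['redirect']);
    onLoginPage($session, '/posts', $patched);
    return ['after_logout' => $inherited,
            'later_visit'  => $session['Auth']['redirect'] ?? null];
}

var_dump(scenario(false)); // unpatched behaviour
var_dump(scenario(true));  // with the loggedout flag
```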