I'm experiencing the same problem. (Updated: I figured out/have a fix/workaround to this problem, read on.)

More details of what I've found. I've set my sessions.save to database so I could look at the session data at different points. The one thing I've noticed is that AFTER I log out, the session has the last controller action that I was on stored in Auth.redirect, as in Auth.redirect = '/permissions'.

Even if I add $this->Session->del('Auth.redirect') to my logout function, if I then try to log on with a user who does NOT have rights to /permissions, I get an auth redirect error of "you do not have rights to access that area". I've added plenty of $this->log() statements to see what functions are being called in what order. However, I cannot quite pinpoint the problem.

......

As I was typing that last sentence I had an idea, and I've figured out what is happening. This requires many factors, which is why it seems to be so sporadic.

1. $this->Auth->logoutRedirect = array('controller' => 'users', 'action' => 'login');
2. $this->Auth->loginAction = array('controller' => 'users', 'action' => 'login');
   For me it only made sense to redirect to the login page after you log out.
3. You have a link somewhere on your page to call logout. Mine is currently part of my layout.
4. You click on the logout link while on a controller/action view. I've been testing with /permissions/index.

My logout looks much like those that have been posted before:

    function logout() {
        $this->Session->del('Permissions');
        $this->redirect($this->Auth->logout());
    }

What happens:

Your users_controller.logout is called and executes normally.

auth.logout is called and executes normally, and redirects as instructed to /users/login.

auth.startup is called, and around line 300 the code checks to see if the URL is the login action (I've added a lot of $this->logs so my line numbers won't match right now). It will be, and inside that condition a call is made to:

    $this->Session->write('Auth.redirect', $controller->referer());

It turns out $controller->referer() happens to be the controller /permissions/index that we were on when we initiated this whole process by calling logout.

If I type in the URL of my browser http://localhost/users/logout, the user is logged out normally, the redirect to the login page is called, and nothing is saved to Auth.redirect, as it should be.

Ideas on how to fix this.

As this little chunk of code in the auth startup is to deal with visiting a page that requires authentication, authenticating and then returning to the visited page, I would like to keep that functionality.

My idea is to throw a var in session during logout and check that during startup. If we are redirecting to login from a logout, this condition would be true and we could safely skip saving the redirect in that case. However, if we are being redirected to login from a failed authorize, then we would save the redirect, so that after logging in we would be redirected appropriately.

I've tested this and it works good. However, I don't believe this to be the best solution for this problem. You will need to modify your core auth.php. As it is 2am, I will provide the code here, and add a ticket to trac sometime after I sleep.

Here are the changes I made. In Auth.php at about line 300, look for this:

    if ($loginAction == $url) {
        if (empty($controller->data) || !isset($controller->data[$this->userModel])) {
            if (!$this->Session->check('Auth.redirect') && env('HTTP_REFERER')) {
                $this->log('302 session.write auth.redirect '.$url);
                $this->log('Controller->referer()'.$controller->referer());
                $this->Session->write('Auth.redirect', $controller->referer());
            }
            return false;
        }

-----
Change to:
-----

    if ($loginAction == $url) {
        if (empty($controller->data) || !isset($controller->data[$this->userModel])) {
            // Skip saving the referer when we arrived here from a logout
            if (!$this->Session->check('Auth.redirect') && env('HTTP_REFERER') && !$this->Session->check('Auth.loggedout')) {
                $this->log('302 session.write auth.redirect '.$url);
                $this->log('Controller->referer()'.$controller->referer());
                $this->Session->write('Auth.redirect', $controller->referer());
            }
            return false;
        }

-----
Then change the auth logout function to look like:

    function logout() {
        $this->__setDefaults();
        $this->Session->del($this->sessionKey);
        $this->Session->del('Auth.redirect');
        $this->Session->write('Auth.loggedout', true);
        $this->_loggedIn = false;
        return Router::normalize($this->logoutRedirect);
    }

I hope this is helpful to everyone. I've spent the better part of a day chasing this little bugger. Ah, now I should be able to sleep. Catch you all in the morning!

LunarDraco (mdcatc on irc)

On Sep 26, 9:00 am, Tony Thomas <[EMAIL PROTECTED]> wrote:
> This gives me an "unexpected T_VARIABLE" error on the line with
> $this->Auth->autoRedirect = FALSE;
>
> I think the algorithm might be right, but the syntax is wrong.
>
> On Sep 17, 12:20 pm, "Okto Silaban" <[EMAIL PROTECTED]> wrote:
> > I'm not really sure, but I think:
> > $this->Auth->loginRedirect
> > doesn't tell where we're gonna go after logging in.
> >
> > But if we're accessing an area which is not allowed by Auth, we will be sent to
> > that page (if you're not logged in yet).
> >
> > So I set that in beforeFilter:
> >
> > function beforeFilter() {
> >     $this->Auth->loginRedirect = array('controller' => 'controller_name', 'action' => 'index');
> >     $this->Auth->autoRedirect = FALSE; // so after logging in we're not auto redirected
> > }
> >
> > then manually set
> >
> > function login() {
> >     $this->redirect('somewhere');
> >     exit();
> > }
> >
> > On Tue, Sep 9, 2008 at 10:12 PM, Tony Thomas <[EMAIL PROTECTED]> wrote:
> > > If someone is familiar with a post to this group or blog entry that
> > > addresses this issue, please let me know. I've spent the morning
> > > scouring both with no satisfactory results.
> > >
> > > I have a CakePHP app on a shared server. In local testing, everything
> > > worked fine. But mod_rewrite did not function properly on the shared
> > > server, so I'm using CakePHP pretty URLs instead. Also caching (at
> > > least temporarily) is off. I've uncommented the pertinent lines of
> > > code in core.php and I've dutifully deleted the .htaccess files.
> > >
> > > The problem I have is that after logging in, the redirect is
> > > inconsistent. About 2/3 of the time I get redirected to
> > > https://[base_url]/https:/[domain].
> > > I just can't seem to find a way
> > > around this problem.
> > >
> > > My login function looks like this:
> > >
> > > function login() {
> > >     $this->Auth->loginRedirect = array('controller' =>
> > >         'controller_name', 'action' => 'index');
> > > }
> > >
> > > I still get inconsistent results with the redirect going to a URL like
> > > the former example the majority of the time. Any insight, links, etc.
> > > would be appreciated.
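
The logout sequence described in the top post of this thread, modelled as an added example (not code from the posts or from CakePHP itself). The session is a plain PHP array, and every function name below is a hypothetical stand-in for the component behaviour the post describes.

```php
<?php
// Simplified model of the flow in the top post. Nothing here is CakePHP API:
// $session stands in for the Cake session, and the functions are hypothetical.
const LOGIN_URL = '/users/login'; // logoutRedirect == loginAction, as in the post

// Models the startup() branch that runs when the requested URL is the login
// action: save the Referer as the post-login redirect unless one is already set.
function startupOnLogin(array &$session, ?string $referer, bool $patched): void
{
    $cameFromLogout = $patched && !empty($session['Auth.loggedout']);
    if (!isset($session['Auth.redirect']) && $referer !== null && !$cameFromLogout) {
        $session['Auth.redirect'] = $referer;
    }
}

// Models logout(): drop the user and any saved redirect. The patched variant
// also leaves the Auth.loggedout marker that the patched startup checks.
function logout(array &$session, bool $patched): string
{
    unset($session['Auth.User'], $session['Auth.redirect']);
    if ($patched) {
        $session['Auth.loggedout'] = true;
    }
    return LOGIN_URL;
}

// Logout link clicked in the layout while viewing /permissions/index: the
// browser follows the redirect to the login page and still sends that page
// as the Referer.
function redirectAfterLogoutClick(bool $patched): ?string
{
    $session = ['Auth.User' => ['id' => 1]]; // constructed sample session
    logout($session, $patched);
    startupOnLogin($session, '/permissions/index', $patched);
    return $session['Auth.redirect'] ?? null;
}

// /users/logout typed into the address bar: no Referer header is sent.
function redirectAfterTypedLogout(): ?string
{
    $session = ['Auth.User' => ['id' => 1]]; // constructed sample session
    logout($session, false);
    startupOnLogin($session, null, false);
    return $session['Auth.redirect'] ?? null;
}

var_dump(redirectAfterLogoutClick(false)); // unpatched, logout via link
var_dump(redirectAfterLogoutClick(true));  // patched, logout via link
var_dump(redirectAfterTypedLogout());      // unpatched, logout URL typed
```

The value left in Auth.redirect is what the next user to log in on that session would be sent to, which is why a user without rights to /permissions hits the authorization error described in the post.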