Re: CakePHP Login redirect
OK, I think this is the most suitable workaround for this case.
Thank you very much.
On Wednesday, July 9, 2014 4:01:37 AM UTC+10, bugoy wrote:
>
> Good point, though you can set the proper redirect in the function login()
> in UserController, what is destroyed in logout for Session is Auth. You may
> set a separate Session or Cookie for last logged user and check if same
> with the current user the redirect Auth->redirect else redirect anywhere
> else.
>
>
> On Sat, Jul 5, 2014 at 10:31 PM, Gagik Navasardyan > wrote:
>
>> Yes I'm sure that the Auth->logout action is being called, and the old
>> session is certainly being destroyed too, before the new session is created.
>>
>> - I tried to rewrite the 'Auth.redirect' property before the Auth->logout
>> action call, it have no effect because session is being destroyed.
>> - I tried to rewrite that property after the Auth->logout call, of course
>> it have no effect either, because as I understand after the Auth->logout
>> call the script terminates (by calling return).
>>
>> I made a little research and found the following code in > CakePHP>/lib/Cake/Controller/Component/AuthComponent.php (protected
>> function _unauthenticated)
>>
>>
>> if ($this->_isLoginAction($controller)) {
>> if (empty($controller->request->data)) {
>> if (!$this->Session->check('Auth.redirect') &&
>> env('HTTP_REFERER')) {
>> $this->Session->write('Auth.redirect',
>> $controller->referer(null, true));
>> }
>> }
>> return true;
>> }
>>
>> It seems to me that this code is responsible for users login, as we can
>> understand from code:
>> - if user doesn't have the 'Auth.redirect' property set, means this is a
>> new(not logged in) user who needs to login in order to view restricted
>> content(for example after search) or user whom session is expired, then
>> CakePHP redirects the user on the page on which he was before. And this is
>> really a good idea.
>>
>> But as I understand this is creating my problem, because after the
>> Auth->logout action call Session is being destroyed, means there is no
>> 'Auth.redirect' property, so CakePHP setting the 'Auth.redirect' from HTTP
>> referer, and as I said this is good if user is coming from any place and
>> needs to login(again for example from search), or user session is expired,
>> but if user clicks the logout link and logs out he doesn't expect that
>> after loging-in again he will return on the page on which he was before, he
>> must be redirected not to the HTTP referer page, but the 'loginRedirect'
>> page.
>>
>>
>>
>> On Tuesday, 1 July 2014 13:14:48 UTC+10, Jeremy Burns wrote:
>>
>>> Are you certain the Auth->logout action is being called? Is the session
>>> clear (destroyed) after logout?
>>>
>>> On 28 Jun 2014, at 12:54, Gagik Navasardyan wrote:
>>>
>>> Hi everyone.
>>>
>>> I have one question.
>>>
>>> I'm working on an application which is working in local network and
>>> acting as POS(Point of Sale). As you understand it's based on CakePHP
>>> framework.
>>> Now I'm encountering a strange behaviour, and I don't know is it a bug
>>> or not, so I've decided to ask you a question here.
>>>
>>> - I'm using CakePHP 2.4.2 and the built-in AuthComponent for
>>> authentication
>>>
>>> - *The thing is,* after user logs out and another user logs in (using
>>> the same computer and browser), he is being redirected to the page on which
>>> the previous user was when logged out. Instead of being redirected to the
>>> URL defined in 'loginRedirect'
>>>
>>> - In this application I'm using role based user permissions system, and
>>> the most of time system throwing permission error, because newly logged in
>>> user doesn't have permission to view the page on which previous user was
>>> when logged out.
>>>
>>> This behaviour is very strange to me, because as I know the logout
>>> function is destroying session, but it seems keeping the last visited URL
>>> of the previous user in the 'Auth.redirect' property in the new session.
>>> This seems a little bit strange to me, because I'm expecting this kind
>>> of redirect in a few cases like:
>>> - If user session expired and user have to login again.
>>> - user trying to access to a page which is requiring authentication.
>>>
>>> I analised the code and clearly the problem is in the framework core,
>>> and there is no way to rewrite the 'Auth.redirect' property either before
>>> or after the 'logout' function call (in any case the session being
>>> destroyed and as I understand CakePHP taking and writing the last visited
>>> page URL to the new session from HTTP REFERER).
>>>
>>>
>>> So question:
>>> Is this a Normal behaviour, and there are some reason why this must be
>>> this way, or this is a bug?
>>>
>>> --
>>> Like Us on FaceBook https://www.facebook.com/CakePHP
>>> Find us on Twitter http://twitter.com/CakePHP
>>>
>>> ---
>>
Re: CakePHP Login redirect
Good point, though you can set the proper redirect in the function login()
in UserController, what is destroyed in logout for Session is Auth. You may
set a separate Session or Cookie for last logged user and check if same
with the current user the redirect Auth->redirect else redirect anywhere
else.
On Sat, Jul 5, 2014 at 10:31 PM, Gagik Navasardyan wrote:
> Yes I'm sure that the Auth->logout action is being called, and the old
> session is certainly being destroyed too, before the new session is created.
>
> - I tried to rewrite the 'Auth.redirect' property before the Auth->logout
> action call, it have no effect because session is being destroyed.
> - I tried to rewrite that property after the Auth->logout call, of course
> it have no effect either, because as I understand after the Auth->logout
> call the script terminates (by calling return).
>
> I made a little research and found the following code in CakePHP>/lib/Cake/Controller/Component/AuthComponent.php (protected
> function _unauthenticated)
>
>
> if ($this->_isLoginAction($controller)) {
> if (empty($controller->request->data)) {
> if (!$this->Session->check('Auth.redirect') &&
> env('HTTP_REFERER')) {
> $this->Session->write('Auth.redirect',
> $controller->referer(null, true));
> }
> }
> return true;
> }
>
> It seems to me that this code is responsible for users login, as we can
> understand from code:
> - if user doesn't have the 'Auth.redirect' property set, means this is a
> new(not logged in) user who needs to login in order to view restricted
> content(for example after search) or user whom session is expired, then
> CakePHP redirects the user on the page on which he was before. And this is
> really a good idea.
>
> But as I understand this is creating my problem, because after the
> Auth->logout action call Session is being destroyed, means there is no
> 'Auth.redirect' property, so CakePHP setting the 'Auth.redirect' from HTTP
> referer, and as I said this is good if user is coming from any place and
> needs to login(again for example from search), or user session is expired,
> but if user clicks the logout link and logs out he doesn't expect that
> after loging-in again he will return on the page on which he was before, he
> must be redirected not to the HTTP referer page, but the 'loginRedirect'
> page.
>
>
>
> On Tuesday, 1 July 2014 13:14:48 UTC+10, Jeremy Burns wrote:
>
>> Are you certain the Auth->logout action is being called? Is the session
>> clear (destroyed) after logout?
>>
>> On 28 Jun 2014, at 12:54, Gagik Navasardyan wrote:
>>
>> Hi everyone.
>>
>> I have one question.
>>
>> I'm working on an application which is working in local network and
>> acting as POS(Point of Sale). As you understand it's based on CakePHP
>> framework.
>> Now I'm encountering a strange behaviour, and I don't know is it a bug or
>> not, so I've decided to ask you a question here.
>>
>> - I'm using CakePHP 2.4.2 and the built-in AuthComponent for
>> authentication
>>
>> - *The thing is,* after user logs out and another user logs in (using
>> the same computer and browser), he is being redirected to the page on which
>> the previous user was when logged out. Instead of being redirected to the
>> URL defined in 'loginRedirect'
>>
>> - In this application I'm using role based user permissions system, and
>> the most of time system throwing permission error, because newly logged in
>> user doesn't have permission to view the page on which previous user was
>> when logged out.
>>
>> This behaviour is very strange to me, because as I know the logout
>> function is destroying session, but it seems keeping the last visited URL
>> of the previous user in the 'Auth.redirect' property in the new session.
>> This seems a little bit strange to me, because I'm expecting this kind of
>> redirect in a few cases like:
>> - If user session expired and user have to login again.
>> - user trying to access to a page which is requiring authentication.
>>
>> I analised the code and clearly the problem is in the framework core, and
>> there is no way to rewrite the 'Auth.redirect' property either before or
>> after the 'logout' function call (in any case the session being destroyed
>> and as I understand CakePHP taking and writing the last visited page URL to
>> the new session from HTTP REFERER).
>>
>>
>> So question:
>> Is this a Normal behaviour, and there are some reason why this must be
>> this way, or this is a bug?
>>
>> --
>> Like Us on FaceBook https://www.facebook.com/CakePHP
>> Find us on Twitter http://twitter.com/CakePHP
>>
>> ---
>> You received this message because you are subscribed to the Google Groups
>> "CakePHP" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to cake-php+u...@googlegroups.com.
>> To post to this group, send email to cake...@googlegroups.com.
>>
>> Visit this group at http://groups.g
Re: CakePHP Login redirect
Yes I'm sure that the Auth->logout action is being called, and the old
session is certainly being destroyed too, before the new session is created.
- I tried to rewrite the 'Auth.redirect' property before the Auth->logout
action call, it have no effect because session is being destroyed.
- I tried to rewrite that property after the Auth->logout call, of course
it have no effect either, because as I understand after the Auth->logout
call the script terminates (by calling return).
I made a little research and found the following code in /lib/Cake/Controller/Component/AuthComponent.php (protected
function _unauthenticated)
if ($this->_isLoginAction($controller)) {
if (empty($controller->request->data)) {
if (!$this->Session->check('Auth.redirect') &&
env('HTTP_REFERER')) {
$this->Session->write('Auth.redirect',
$controller->referer(null, true));
}
}
return true;
}
It seems to me that this code is responsible for users login, as we can
understand from code:
- if user doesn't have the 'Auth.redirect' property set, means this is a
new(not logged in) user who needs to login in order to view restricted
content(for example after search) or user whom session is expired, then
CakePHP redirects the user on the page on which he was before. And this is
really a good idea.
But as I understand this is creating my problem, because after the
Auth->logout action call Session is being destroyed, means there is no
'Auth.redirect' property, so CakePHP setting the 'Auth.redirect' from HTTP
referer, and as I said this is good if user is coming from any place and
needs to login(again for example from search), or user session is expired,
but if user clicks the logout link and logs out he doesn't expect that
after loging-in again he will return on the page on which he was before, he
must be redirected not to the HTTP referer page, but the 'loginRedirect'
page.
On Tuesday, 1 July 2014 13:14:48 UTC+10, Jeremy Burns wrote:
>
> Are you certain the Auth->logout action is being called? Is the session
> clear (destroyed) after logout?
>
> On 28 Jun 2014, at 12:54, Gagik Navasardyan > wrote:
>
> Hi everyone.
>
> I have one question.
>
> I'm working on an application which is working in local network and acting
> as POS(Point of Sale). As you understand it's based on CakePHP framework.
> Now I'm encountering a strange behaviour, and I don't know is it a bug or
> not, so I've decided to ask you a question here.
>
> - I'm using CakePHP 2.4.2 and the built-in AuthComponent for authentication
>
> - *The thing is,* after user logs out and another user logs in (using the
> same computer and browser), he is being redirected to the page on which the
> previous user was when logged out. Instead of being redirected to the URL
> defined in 'loginRedirect'
>
> - In this application I'm using role based user permissions system, and
> the most of time system throwing permission error, because newly logged in
> user doesn't have permission to view the page on which previous user was
> when logged out.
>
> This behaviour is very strange to me, because as I know the logout
> function is destroying session, but it seems keeping the last visited URL
> of the previous user in the 'Auth.redirect' property in the new session.
> This seems a little bit strange to me, because I'm expecting this kind of
> redirect in a few cases like:
> - If user session expired and user have to login again.
> - user trying to access to a page which is requiring authentication.
>
> I analised the code and clearly the problem is in the framework core, and
> there is no way to rewrite the 'Auth.redirect' property either before or
> after the 'logout' function call (in any case the session being destroyed
> and as I understand CakePHP taking and writing the last visited page URL to
> the new session from HTTP REFERER).
>
>
> So question:
> Is this a Normal behaviour, and there are some reason why this must be
> this way, or this is a bug?
>
> --
> Like Us on FaceBook https://www.facebook.com/CakePHP
> Find us on Twitter http://twitter.com/CakePHP
>
> ---
> You received this message because you are subscribed to the Google Groups
> "CakePHP" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cake-php+u...@googlegroups.com .
> To post to this group, send email to cake...@googlegroups.com
> .
> Visit this group at http://groups.google.com/group/cake-php.
> For more options, visit https://groups.google.com/d/optout.
>
>
>
--
Like Us on FaceBook https://www.facebook.com/CakePHP
Find us on Twitter http://twitter.com/CakePHP
---
You received this message because you are subscribed to the Google Groups
"CakePHP" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to cake-php+unsubscr...@googlegroups.com.
To post to this group, send email to cake
Re: CakePHP Login redirect
Are you certain the Auth->logout action is being called? Is the session clear (destroyed) after logout? On 28 Jun 2014, at 12:54, Gagik Navasardyan wrote: > Hi everyone. > > I have one question. > > I'm working on an application which is working in local network and acting as > POS(Point of Sale). As you understand it's based on CakePHP framework. > Now I'm encountering a strange behaviour, and I don't know is it a bug or > not, so I've decided to ask you a question here. > > - I'm using CakePHP 2.4.2 and the built-in AuthComponent for authentication > > - The thing is, after user logs out and another user logs in (using the same > computer and browser), he is being redirected to the page on which the > previous user was when logged out. Instead of being redirected to the URL > defined in 'loginRedirect' > > - In this application I'm using role based user permissions system, and the > most of time system throwing permission error, because newly logged in user > doesn't have permission to view the page on which previous user was when > logged out. > > This behaviour is very strange to me, because as I know the logout function > is destroying session, but it seems keeping the last visited URL of the > previous user in the 'Auth.redirect' property in the new session. > This seems a little bit strange to me, because I'm expecting this kind of > redirect in a few cases like: > - If user session expired and user have to login again. > - user trying to access to a page which is requiring authentication. > > I analised the code and clearly the problem is in the framework core, and > there is no way to rewrite the 'Auth.redirect' property either before or > after the 'logout' function call (in any case the session being destroyed and > as I understand CakePHP taking and writing the last visited page URL to the > new session from HTTP REFERER). > > > So question: > Is this a Normal behaviour, and there are some reason why this must be this > way, or this is a bug? > > -- > Like Us on FaceBook https://www.facebook.com/CakePHP > Find us on Twitter http://twitter.com/CakePHP > > --- > You received this message because you are subscribed to the Google Groups > "CakePHP" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to cake-php+unsubscr...@googlegroups.com. > To post to this group, send email to cake-php@googlegroups.com. > Visit this group at http://groups.google.com/group/cake-php. > For more options, visit https://groups.google.com/d/optout. -- Like Us on FaceBook https://www.facebook.com/CakePHP Find us on Twitter http://twitter.com/CakePHP --- You received this message because you are subscribed to the Google Groups "CakePHP" group. To unsubscribe from this group and stop receiving emails from it, send an email to cake-php+unsubscr...@googlegroups.com. To post to this group, send email to cake-php@googlegroups.com. Visit this group at http://groups.google.com/group/cake-php. For more options, visit https://groups.google.com/d/optout.
CakePHP Login redirect
Hi everyone. I have one question. I'm working on an application which is working in local network and acting as POS(Point of Sale). As you understand it's based on CakePHP framework. Now I'm encountering a strange behaviour, and I don't know is it a bug or not, so I've decided to ask you a question here. - I'm using CakePHP 2.4.2 and the built-in AuthComponent for authentication - *The thing is,* after user logs out and another user logs in (using the same computer and browser), he is being redirected to the page on which the previous user was when logged out. Instead of being redirected to the URL defined in 'loginRedirect' - In this application I'm using role based user permissions system, and the most of time system throwing permission error, because newly logged in user doesn't have permission to view the page on which previous user was when logged out. This behaviour is very strange to me, because as I know the logout function is destroying session, but it seems keeping the last visited URL of the previous user in the 'Auth.redirect' property in the new session. This seems a little bit strange to me, because I'm expecting this kind of redirect in a few cases like: - If user session expired and user have to login again. - user trying to access to a page which is requiring authentication. I analised the code and clearly the problem is in the framework core, and there is no way to rewrite the 'Auth.redirect' property either before or after the 'logout' function call (in any case the session being destroyed and as I understand CakePHP taking and writing the last visited page URL to the new session from HTTP REFERER). So question: Is this a Normal behaviour, and there are some reason why this must be this way, or this is a bug? -- Like Us on FaceBook https://www.facebook.com/CakePHP Find us on Twitter http://twitter.com/CakePHP --- You received this message because you are subscribed to the Google Groups "CakePHP" group. To unsubscribe from this group and stop receiving emails from it, send an email to cake-php+unsubscr...@googlegroups.com. To post to this group, send email to cake-php@googlegroups.com. Visit this group at http://groups.google.com/group/cake-php. For more options, visit https://groups.google.com/d/optout.
