Love Fuel?    Donate

FuelPHP Forums

Ask your question about FuelPHP in the appropriate forum, or help others by answering their questions.
Redirect After Login
  • I have created a simple application with Auth and I've a question regarding the redirect after successful login.

    When an unauthorized user clicks on "Edit", "Create" or "Delete", my application redirects to login action and let the user login.

    My question is how do I redirect back to the action which the user originally intended to access after the successful login.

    Thanks for your help in advance.
  • There is a redirect_back() method which might be of some help:
  • Thank you. 
    redirect_back() didn't do it for me. I've tried. 
    Doesn't matter which action I'll try to access, it will always bring me back to the default page
    after successful login. 
  • redirect_back() only works with a valid referrer i.e., links clicked from within the same tab, it won't work for a new tab - that's one reason it will, in some cases, not work for me as a user (I like tabs).

    Another way of making the redirect work (even without a referrer) is to have the logic that redirects to your login method append an URI _GET variable called e.g., "redir". Then you only have to have your form put that into a hidden input field (of which the existence is checked after successful login, then redirect to it), or your form's action also contains the ```?redir=...``` part and you can check for the existence of ```\Input::get('redir')``` when the user has successfully logged in.
  • Thanks for that.

    Yes, I have thought of it. But do I really need to write that myself?
    I came from CakePHP and it had the exact feature I'm talking about now.
    You don't need to pass any valuable via GET to redirect to login in Cake.
    How could it be accomplished with Fuel?

    I mean, I think it's a pretty basic thing. I want it to continue seamlessly after successful login.

  • HarroHarro
    Accepted Answer
    The challenge here is to determine what the definition of "back" is.

    Say you have a URL "/something/edit" that is protected, and redirects to "/login", which displays a login form. The user makes a mistake so the first post fails, the second succeeds. The referrer is useless in this case, since it will point to the previous page, which is "/login" too. And what if I typed in the URL to the login page manually, and my previous page was Google? You don't want to be redirected to that page either.

    So you don't want to go back to the previous URL, you want to go back to the previous application function.

    So I would say, set a session flash variable containing the return URL when you enter your login action,  but only if not already set, and if it points to some URI in your own application. If it is already set, renew it using the Session keep() method to prevent it expiring.

    When the user has succesfully logged in, check if the session key exists, and if so, redirect to it.
  • HarroHarro
    Accepted Answer
    Note that this has some side effects too, depending on your application.

    Say you want to show the user a dashboard page after login, you don't want this redirect back if the login page was requested by the user, instead of by an error situation.

    So you'd probably want a different action, and do the above only in case of an error situation.

    And for your "Cake" remark: We believe that this kind of functionality is application specific, and therefore has no place in the framework. You might want an automatic login when you hit an access control issue, someone else might not.

    Fuel is a framework that doesn't enforce a single pattern upon the developer. That might mean you have to do a bit more work initially (write all this stuff so it can be re-used), but in return gives you the flexibility to create whatever you want, without restrictions.
  • Thank you Harro.

    I understood perfectly.
    I need to somehow pass the valuable to /login action as to which action the user originally intended to access.
    Fuel doesn't cover this kind of action because it is too specific of a functionality.
    Got it!
  • HarroHarro
    Accepted Answer
    It's only about 6 lines of code, and you don't need to pass anything if you don't want to, you could use the referrer at this point.

    It depends on how you want to implement it. You could also overload Auth, and create a has_access_or_redirect() method, that checks for access, and stores the return URL in the session and redirects to login if the check fails.

    Your login action only has to check if the session value exists, and redirect to it if it does.

    I personally find this very dangerous. You can easily create redirect loops if there was an access error but there was already a logged-in user. Or the user that has logged in still has no access to the URL originally requested.

    So from an architecture point of view, I find this kind of automation dangerous, and not needed. If a user has no access to something, the user should not be able to navigate to it. And if the user goes to it directly, give an error message and redirect back to where the user came from.

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

In this Discussion