Monday, June 30, 2014

Re: CakePHP Login redirect

Are you certain the Auth->logout action is being called? Is the session clear (destroyed) after logout?

On 28 Jun 2014, at 12:54, Gagik Navasardyan <gagnav@gmail.com> wrote:

Hi everyone.

I have one question.

I'm working on an application which works on a local network and acts as a POS (Point of Sale). As you understand, it's based on the CakePHP framework.
Now I'm encountering a strange behaviour, and I don't know whether it is a bug or not, so I've decided to ask you a question here.

- I'm using CakePHP 2.4.2 and the built-in AuthComponent for authentication

- The thing is, after a user logs out and another user logs in (using the same computer and browser), he is redirected to the page the previous user was on when logging out, instead of being redirected to the URL defined in 'loginRedirect'.

- In this application I'm using a role-based user permissions system, and most of the time the system throws a permission error, because the newly logged-in user doesn't have permission to view the page the previous user was on when logging out.

This behaviour is very strange to me, because as far as I know the logout function destroys the session, but it seems to keep the last visited URL of the previous user in the 'Auth.redirect' property in the new session.
This seems a little bit strange to me, because I'm expecting this kind of redirect only in a few cases like:
- The user's session expired and the user has to log in again.
- The user is trying to access a page which requires authentication.

I analysed the code and clearly the problem is in the framework core, and there is no way to rewrite the 'Auth.redirect' property either before or after the 'logout' function call (in any case the session is destroyed and, as I understand it, CakePHP takes the last visited page URL from the HTTP REFERER and writes it to the new session).


So, the question:
Is this normal behaviour, and is there some reason why it must be this way, or is this a bug?
