I wrote a lengthy reply earlier but I guess it wasn't delivered. The simplest way to describe our application would be that of a web-based CRM. Most site pages will be user-specific and most users will access those pages through a 'login' page that acts as a gateway to the application and redirects them to a specific location. However, it would be nice to allow users to bookmark internal pages and when they attempt to access those directly, the auth/acl components will authorize through login and then redirect to the originally requested page (isn't Cake great!).
I'll describe URLs in terms of controllers and actions because that's how we're writing the app (to take advantage of the Cake router's awesome reverse mapping capabilities for URL generation). The Cake router is mapped so that '/' redirects to the Users controller login action. We're using both the Auth and ACL components per the 1.2 documentation example.
When a user requests the main page of the cake application (as in http://www.mycakeapp.com/) they're redirected to the Users controller login action where they can log in to their dashboard. The auth component has a value for loginRedirect that should redirect the visitor to the index action of the Users controller if no other page was requested (as is the case here). When the user logs in with valid credentials that are authorized to view the index action of the users controller, they're returned to the login action with a flash message that tells them they're not authorized to access that page. If they log in a second time with the same credentials then they're redirected as originally intended.
To someone new to Cake, it appears that this is broken when you go to a login screen and log in with valid credentials but are redirected back to the same screen with a flash prompt that you're not authorized to view that page and then when you log in a second time you're redirected as originally intended. It's almost as if the auth login redirect is happening before the ACL is provided the Auth info. I don't think we experienced this issue before we implemented ACL (but I'm not sure).
The suggested fix of deleting the session var for Auth.redirect in the beforeFilter works great for our application. This login style is a fairly common practice for web apps that use Auth/Acl and if this isn't the perfect case for using loginRedirect then I couldn't imagine what would be.
This may be an oversimplification, but couldn't Cake check to see if the originally requested URL is the same as the Auth.redirect and if they match then delete the session var and don't bother redirecting (to a page you're already on)?

On Wed, Oct 22, 2008 at 8:44 AM, Gwoo <[EMAIL PROTECTED]> wrote:
>
> I guess I am having a hard time understanding exactly what you expect
> to happen. Initially, I thought you wanted the login to always
> redirect to the same location. This would be solved with autoRedirect
> = false and handling it in the login action. Maybe you could provide a
> better example, with some actual urls? This might help me understand
> the problem a bit better.
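
The check proposed in the message above (drop the stored redirect when it points back at the login page), as an added example that is not code from the thread or from CakePHP. It is plain PHP with the session modelled as an array, and it goes one step further by also discarding targets that are not site-relative; the function names and the sample paths are assumptions made for illustration.

```php
<?php
// Added illustration: no CakePHP calls. 'Auth.redirect' is the session key
// named in the post; everything else here is hypothetical.

/** Normalise a site-relative URL to its path, or return null if it is not local. */
function local_path($url)
{
    if (!is_string($url) || $url === '' || $url[0] !== '/') {
        return null;                       // absolute URLs, empty or missing values
    }
    if (strpos($url, '//') === 0 || strpos($url, '\\') !== false) {
        return null;                       // scheme-relative or backslash variants
    }
    $path = parse_url($url, PHP_URL_PATH);
    if (!is_string($path)) {
        return null;
    }
    $path = rtrim($path, '/');             // '/users/login/' equals '/users/login'
    return $path === '' ? '/' : $path;
}

/** Pick where to send the user after a successful login. */
function post_login_target(array &$session, array $loginPaths, $default)
{
    $stored = isset($session['Auth.redirect']) ? $session['Auth.redirect'] : null;
    unset($session['Auth.redirect']);      // one-shot: a stale target is never reused
    $path = local_path($stored);
    if ($path === null) {
        return $default;                   // nothing stored, or not a local path
    }
    foreach ($loginPaths as $loginPath) {
        if (local_path($loginPath) === $path) {
            return $default;               // stored target is the login page itself
        }
    }
    return $stored;                        // a bookmarked internal page
}

// Constructed inputs. '/' counts as a login path because the post routes it there.
$loginPaths = array('/', '/users/login');
$samples = array('/', '/users/login/', '/contacts/view/42', 'http://example.invalid/x', null);
foreach ($samples as $stored) {
    $session = $stored === null ? array() : array('Auth.redirect' => $stored);
    $target = post_login_target($session, $loginPaths, '/users/index');
    printf("%-28s => %s\n", var_export($stored, true), $target);
}
```

Only `/contacts/view/42` is returned as stored; the other four samples fall back to `/users/index`.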
