I understand, and you're right that our main goal is a login page that redirects to a specific location.... but it would be nice to also allow users to bookmark or shortcut directly to specific pages where they would be authenticated before redirection to that page (isn't Cake great!).
I guess the simplest way to describe this in the context of our app would be to think about a web-based CRM. The main objective is a login page that acts as a gateway to the protected user-specific dashboard. In our case we have a controller called 'users' with actions for login/logout (per the 1.2 Cake Docs demo) and we're using both Auth and ACL components. I'm describing urls in terms of controllers/actions because we're developing the app using Cake's awesome router capabilities of reverse mapping of url's by specifying arrays of controller/action instead of fixed url's. I've created an action redirectHome that only does a redirect to the users controller login action. That redirectHome action is setup as '/' in the Cake router config. The loginRedirect value of the Auth component is set to redirect the visitor to the index action of the users controller. So if the visitor goes directly to the dashboard root they're redirected to the login action of the users controller. Perfect! But while both auth/acl are in use, when they login, the default cake action is to flash a message that they're not authorized to view that page and they get the login prompt again (even with loginRedirect set to redirect the user to the index action of the users controller). If they then login a second time, the redirect to the index action of the users controller succeeds. It's almost like the loginRedirect is occurring pre-acl and the visitor is brought back to the login action even though they are already authenticated and have access to the page in question. As mentioned, the ability to allow a user to shortcut directly to a page inside their dashboard would be nice as well. In that case it would be beneficial to allow Auth/ACL to authenticate the user and then send to the page they requested. So the idea of handling the redirect myself in the login action didn't feel like the right solution. The "fix" of deleting the auth.redirect session var in beforeFilter did the trick for me. But I wonder why Cake doesn't handle this situation "out of the box" as it seems like a very common use of auth/acl. From the perspective of one new to Cake (but loving it) it feels "broken" when you go to a login page and login with valid credentials but are told you're not authorized to view that page and when you login a second time it works. If this isn't the perfect use for the loginRedirect value then I couldn't imagine what would be. On Oct 22, 8:44 am, Gwoo <[EMAIL PROTECTED]> wrote: > I guess I am having a hard time understanding exactly what you expect > to happen. Initially, I thought you wanted the login to always > redirect to the same location. This would be solved with autoRedirect > = false and handling it in the login action. Maybe you could provide a > better example, with some actual urls? This might help me understand > the problem a bit better. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~----------~----~----~----~------~----~------~--~---
