Thanks so much! I'm surprised this hasn't come up more often, as it seems such a common thing for an application to allow for. FWIW, I think this would make an excellent tutorial, perhaps for
next advent calendar, or even the next Catalyst book! :-)

On 8/4/2010 3:09 PM, Bill Moseley wrote:

On Wed, Aug 4, 2010 at 11:22 AM, Steve < <>> wrote:

    Original post:

    My apologies for rehashing this old post, but this is such a
    *nice* thing to do for users that
    I'm sort of surprised the solution hasn't been implemented as a
    plugin or something, at least
    so far as I can tell...

    I'm trying to implement this elegant solution, but am getting
    stuck with the

    'just dump any POST data back out into
    hidden fields in the login form, don't change the URL, and have
    the login
    form processed in a forward() from auto or similar rather than doing a
    detach' part.

I think the suggestion was in auto always check if authenticated. If not authenticated, then attempt to authenticate with existing form data (e.g. if a username and password have been posted). if that succeeds then just continue on to the requested action.

If cannot authenticate then display a login form but also include all other parameters that were posted in hidden fields. Set the action to post back to the original action.


You probably want to track the original request method (GET POST PUT DELETE) so that when the form is submitted (and finally authenticated) your action sees the original request method.

If there's upload data then you would need to handle that additionally.

    My questions are as follows:
    What hidden field or fields are in the login form?

One for each posted parameter.

    Where in the code sample are the items stashed? (or are they stored

When rendering the form.  You are using the client as a store.

    Where in the code sample do we pick up after successful
    authentication in order to (forward, detach, redirect - pick one
    or supply alt.)?

You don't. if the original post was to /user (e.g. to create a new user) then the "login" form looks just like your normal login form, but the action is a POST to /user.

Bill Moseley <>

Searchable archive:
Dev site:

No virus found in this incoming message.
Checked by AVG -
Version: 9.0.851 / Virus Database: 271.1.1/3050 - Release Date: 08/04/10 

Searchable archive:
Dev site:

Reply via email to