Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Users don't get redirected to requested url on login #47

Open
lsjroberts opened this issue Jan 29, 2014 · 2 comments
Open

Users don't get redirected to requested url on login #47

lsjroberts opened this issue Jan 29, 2014 · 2 comments
Labels
bug

Comments

@lsjroberts
Copy link
Contributor

Problem

We correctly look for the referer in the Controller\Authentication::login(), however the $_SERVER['REFERER_URL'] value is not always present and can't be relied on. In particular it appears not to be set when the browser receives a 302 response.

Solutions

Session variable

We could store the referrer automatically in the session when $this->redirect() is called on a controller. This should be stored either as a flash session or have an event listener which deletes it to ensure it only lives for one request.

GET parameter

We could pass the referrer as a GET parameter, either automatically appended when calling $this->redirectToRoute() or as an additional flag on the method.

e.g.

// Automatically got using $this->getRequest()->getUri()
$this->redirectToRoute('ms.user.login', [], 302, true);

// Or manually
$this->redirectToRoute('ms.user.login', [], 302, 'some-url');

It might be preferable to make true the default, and be required to pass false due to the inconvenience of the [], 302 parameters. Depends on which situation is likely to be more used.

getReferer()

We should also probably have a helper method on the controller/request to get the referrer in a priority order, e.g. $this->getReferer() which would check the headers first then the session/get parameter.

@messagedigital/back-end-developers Thoughts?
@joeholdcroft
Copy link
Contributor

Hmm, I'm leaning towards the session solution but I don't like the idea of having to check for it throughout the code.

How about:

  • Add event listener on KernelEvents::RESPONSE to check if the response is RedirectResponse (or the status code starts 30) and set session variable for the current URI as the referer
  • Add event listener on KernelEvents::REQUEST to check for the aforementioned session variable, and set it as the referer header on the Request object (unless a referer is already set). Delete the session after this (regardless of if it's set or not)

Would that work dya think?

@lsjroberts
Copy link
Contributor Author

That sounds like a clever solution yep.

@lsjroberts lsjroberts mentioned this issue Jan 29, 2014
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@joeholdcroft @lsjroberts