[Catalyst] upon successful login, how do i get redirect users back to the page they wanted to access previously?

J. Shirley jshirley at gmail.com
Sat Apr 18 22:06:14 GMT 2009


On Sat, Apr 18, 2009 at 10:19 PM, <kakimoto at tpg.com.au> wrote:

> Hello, everyone!
>
>  thank you for your recommendations.
> I have looked at the
> http://dev.catalystframework.org/wiki/wikicookbook/nextpageredirect link
> and
>
> http://search.cpan.org/~hkclark/Catalyst-Manual-5.7020/lib/Catalyst/Manual/Tutorial/Authentication.pod
> .
>
> Here's an extract, "As discussed in the previous chapter of the
> tutorial, flash allows you to set variables in a way that is very
> similar to stash, but it will remain set across multiple requests. Once
> the value is read, it is cleared (unless reset).".
>
>
> I tried using FLASH and yet it doesn't work for me.
> The value  I set in the flash gets lost after a redirect. Sorry to ask
> but does flash really work and is it reliable? I know setting stuff in
> the session variable is definitely reliable.
>
> Here are some extracts.
>
>  1) I access www.lginsurance.com.au/subscriptions/add
>  2) Since I am not logged in, Root->auto() kicks in and calls
> Login->index()
>  3) The path which I am requesting for (being '/subscriptions/add') gets
> stored in the flash, $c->flash->{'requested_page'}
>  4) Looking at the debugging messages printed from Login.pm->, the
> $c->flash->{'requested_page'} is empty (ie lost!)
> 5) The login form appears in my web browser and I log in.
> 6) All good in that I have authenticated myself but the page that loads
> is the main menu (instead of the
>  page I previously wanted which is
> www.lginsurance.com.au/subscriptions/add).
>
> Does flash really work or should I just use the session variable?
>
>
> -------- Root.pm (start) ----------------------------------------------
>
> sub auto : Private {
>    my ($self, $c) = @_;
>
>    $c->log->debug(" Root.pm -> auto and path is ". $c->req->path() );
>
>    if ($c->controller eq $c->controller('Login')) {
>        $c->log->debug(" Root.pm -> auto  - asked for login path");
>        return 1;
>    }
>    else{
>        if ($c->user_exists())
>        {
>            my $requested_page = $c->flash->{'requested_page'};
>            $c->log->debug(" Root.pm -> auto  - USER's logged in. Proceed.($requested_page)");
>
>            if ( $requested_page )
>            {
>                $c->log->debug(" Root.pm -> auto  - Requested Path is getting redirected to.");
>                $c->response->redirect(
>                    $requested_page
>                );
>                $c->log->debug(" Root.pm -> auto  - BACK FROM REDIRECTION... ");
>            }
>            return 1;
>        }
>        else
>        {
>            $c->log->debug(" Root.pm -> auto  - USER's not logged in. Forcing login and setting 'requested_page' = ". $c->req->path() );
>            $c->flash->{'requested_page'} = $c->req->path();
>
>            $c->log->debug(" Root.pm -> auto  - USER's not logged in. RECHECKING THE 'requested_page' = ". $c->req->path() );
>
>            $c->response->redirect($c->uri_for('/login'));
>            return 0;
>        }
>
>    }
> }
>
> -------- Root.pm (end ) ----------------------------------------------
>
> -------- Login.pm (start ) ----------------------------------------------
>
> sub index : Private {
>    my ($self, $c) = @_;
>    $c->log->debug( " in login .pm " );
>    my $requested_page = $c->flash->{'requested_page'};
>    $c->log->debug(" Login.pm -> index- the path for requested_page is .($requested_page)");
>
>    # Get the username and password from form
>    my $username = $c->request->params->{username} || '';
>    my $password = $c->request->params->{password} || '';
>
>    # If the username and password values were found in form
>    if ($username && $password) {
>        # Attempt to log the user in
>
>        if ($c->login($username, $password))
>        {
>            $c->log->debug(" Login.pm [authenticated current user] -> index... ");
>
>
>            # If successful, then let them use the application
>            $c->response->redirect( $c->uri_for('/') );
>            return 1;
>        }
>        else
>        {
>            # Set an error message
>            $c->stash->{error_msg} = "Bad username or password.";
>        }
>    }
>
>    # If either of above don't work out, send to the login page
>    $c->stash->{template} = 'login.tt2';
>
>    return 1;
> }
>
>
> -------- Login.pm (end ) ----------------------------------------------
>
>
>
> Quoting Oliver Charles <oliver.g.charles at googlemail.com>:
>
> > On Sat, Apr 18, 2009 at 2:34 AM,  <kakimoto at tpg.com.au> wrote:
> > > hi, everybody,
> > >
> > > [snip]
> > >
> > > upon successful login, how do i get redirect users back to the page
> > they
> > > wanted to access previously (which is
> > > www.lginsurance.com.au/subcriptions/add)? At the moment, upon
> > successful
> > > login, menu.tt2 will be called.
> >
> > At work we do this with http://tr.im/j75v . If an action requires
> > the
> > user to be authenticated, they call $c->forward('/user/login'). If
> > they are logged in, that action returns immediately and the action
> > can
> > continue. Otherwise, the current URI is stored in session, and the
> > login form is presented. Then, when the login is successful, the URI
> > is restored, and the user is redirected.
> >
> > However... after seeing Devin's approach, which is essentially the
> > same but without the session, I may change to that. I believe the
> > two
> > approaches are essentially the same though.
> >
> > --
> >     Oliver Charles / aCiD2
> >
> > _______________________________________________
> > List: Catalyst at lists.scsys.co.uk
> > Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
> > Searchable archive:
> > http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
> > Dev site: http://dev.catalyst.perl.org/
> >


Flash works fine, as the tests and documentation state.  In fact, the
documentation you quote shows your problem.

When you read from the flash, it is cleared.  Your login page reads from
flash, after the auto method sets it and redirects.  After the login page is
displayed, it is no longer set.

This is why I don't like using either the session or the flash, and instead
just use hidden parameters (<input type="hidden"...>).

Then I can also share the links, and it works (I redirect if the user
already is authenticated).  The other thing to think about is to make sure
that you are only redirecting to a whitelist of domains.

-J
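
The allowlist check mentioned in the reply above, as an added example that is not part of the original message or of Catalyst itself: it vets the return target carried in a hidden form field before the post-login redirect. The function name, the `www.example.com` host and the sample inputs are constructed for illustration.

```perl
use strict;
use warnings;
use URI;

# Constructed for this example: the only hosts the app will redirect to.
my %ALLOWED_HOST = map { $_ => 1 } qw(www.example.com);

# Return a vetted absolute URL for the post-login redirect, or $fallback.
# $candidate is the untrusted value of the hidden form field;
# $base is the application's own base URL (in Catalyst, $c->req->base).
sub safe_redirect_target {
    my ($candidate, $base, $fallback) = @_;

    return $fallback unless defined $candidate && length $candidate;

    # Control characters and backslashes have no place in a return path.
    return $fallback if $candidate =~ /[\x00-\x1f\x7f\\]/;

    # Resolve relative paths against our own base, then normalise case.
    my $uri = URI->new_abs($candidate, $base)->canonical;

    # Check the scheme first: non-http(s) URI classes may lack host().
    my $scheme = $uri->scheme // '';
    return $fallback unless $scheme eq 'http' || $scheme eq 'https';

    my $host = lc( $uri->host // '' );
    return $fallback unless $ALLOWED_HOST{$host};

    return $uri->as_string;
}

# Constructed sample inputs: what the login action might receive.
my $base     = 'http://www.example.com/';
my $fallback = 'http://www.example.com/';
for my $candidate (
    '/subscriptions/add',
    'http://www.example.com/subscriptions/add?plan=1',
    '//other.example.net/subscriptions/add',
    'https://other.example.net/',
    'mailto:someone@example.net',
    undef,
) {
    printf "%-50s -> %s\n", $candidate // '(missing)',
        safe_redirect_target($candidate, $base, $fallback);
}
```

In a login action the hidden field would be read from `$c->req->params` (the field name `requested_page` is an assumption borrowed from the flash key above) and the returned value passed to `$c->res->redirect`.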