0
votes

Assume I'm in an admin\controller\action...

When a session times out and the user's next request to any controller/action is placed, I end up in my admin\users\login() function. Which is exactly what should happen based on the Auth component settings!

But then a redirect to ['admin' => false, 'controller' => 'users', 'action' => 'login'] immediately comes back to "admin\users\login".

The code:

$this->redirect(['admin' => false, 'controller' => 'users', 'action' => 'login']);

does NOT honor the admin=false at this point.

Actually, looking at my 'Auth' component initialization in AppController:

  // Authentication
  $this->loadComponent('Auth', [
    'authorize' => array('Controller'),
    'loginAction' => array('admin' => false, 'plugin' => NULL, 'controller' => 'users', 'action' => 'login'),
    'loginRedirect' => array('admin' => false, 'plugin' => NULL, 'controller' => 'pages', 'action' => '/'),
    'logoutRedirect' => array('admin' => false, 'plugin' => NULL, 'controller' => 'users', 'action' => 'login'),
    'authError' => 'Authorization is Required!',
    'authenticate' => [
        'Form' => ['fields' => ['username' => 'name', 'password' => '
                    'passwordHasher' => 'Default'
        ]
    ]
  ]);

It looks to me as if the admin => false is being ignored. I'm sure that when the delayed (went for coffee) new request for some controller/action occurs that the request would be sent to the admin\users\login since the last one was an admin... but why shouldn't the actual redirect inside the admin\users\login or the Auth->loginRedirect shown here still enforce the admin route?

Is there something new in 3.0, or am I just missing something?

3 Answers

1
votes

Regardless of the documentation, 'admin' => false will NOT remove the admin routing performed in the Auth component after session times out when the last request was an admin route.

I found issue #14904579 (dated 2013) that solved this very issue by changing the 'loginAction' => '/users/login'... leaving out the array syntax.

I don't have any idea if this issue existed once in 2013 and has reappeared in CakePHP version 3.0.9. I did NOT have this issue when running 2.6.7.

0
votes

This is the correct way to remove any prefix from route (admin included):

$this->redirect(['prefix' => false, 'controller' => 'users', 'action' => 'login']);

0
votes

$this->loadComponent('Auth', [
    'loginAction' => [
        'prefix' => false, //just add this if you wish to use the array format for urls
        'controller' => 'Users',
        'action' => 'login',
    ],
    'authError' => 'Login to continue.',
    'storage' => 'Session'
]);

According to the docs, but there is no prefix in the loginAction key in the example code.