CakePHP login method read session if exists for redirect

Question

I have disabled autoRedirect so I can do some extra jazz in the login method of my users controller and use a Session to send them back to where they came from.

class UsersController extends AppController
{
    var $name = 'Users';

    var $components = array('Session');

    function beforeFilter()
    {
        parent::beforeFilter();

        $this->Auth->allow(array('login','logout','admin_logout','admin_login')); 

        $this->Session->write('back_to', $this->referer());
    }

    /**
     * Log in
     */

    function admin_login ()
    {
        $this->set('title_for_layout', 'Log in &ndash; Admin &mdash;');

        if(!(empty($this->data)) && $this->Auth->user())
        {   

            $back_to = $this->Session->read('back_to');

            if($back_to)
            {
                $this->redirect($back_to, null, true);
            }
            else
            {
                $this->redirect($this->Auth->redirect(), null, true);
            }
        }

        if($this->Auth->user())
        {
            $this->redirect($this->Auth->redirect(), null, true);
        }

    }

So the idea is that if a user has the session (99.% of the time) then on submit of form it will send the user TO the previous page, if not then send to the default loginRedirect.

NOTE: by setting autoRedirect to false, CakePHP no longer uses the Auth.Redirect session! So the value stored there is not used by the app anymore and is intentional!

The problem I am having is that my app is ALWAYS sending the user to the dashboard because of the function below 'This one' comment in the code above. If I remove that function then the user is just sent BACK to the login form all the time BUT they will be logged in!

Can anyone help?

Thanks

UPDATE: here is my appcontroller code:

class AppController extends Controller
{
    var $components = array('Auth','Session');

        public function beforeFilter()
        {

            parent::beforeFilter();

            $this->Auth->authorize = 'controller';

            $this->Auth->autoRedirect = false;

            $this->Auth->loginAction = array('controller'=>'users','action'=>'login','admin'=>true
            );

            $this->Auth->loginRedirect = array('admin'=>true,'controller' => 'dashboard', 'action' => 'index');

            $this->Auth->logoutRedirect = array('admin'=>false,'controller' => 'pages', 'action' => 'display','home');
        }

    function isAuthorized()
    {
        return true;
    }
}

Rob Wilkerson Rob Wilkerson · Accepted Answer · 2011-08-23T00:03:33

You're not existing after redirection. Try changing your redirection signature to:

$this->redirect( $back_to, null, true );

The 2nd argument is a status code and the third is whether to stop processing the current action. This should prevent you from dropping down to the last redirection which I'm guessing is the one being executed.

Given our long comment "discussion" below, try tweaking your admin_login() method like this:

if(!(empty($this->data)) && $this->Auth->user()) {
  $back_to = $this->Session->read('back_to');

  if($back_to) {
    $this->redirect($back_to, null, true);
  }
  else {
    $this->redirect($this->Auth->redirect(), null, true);
  }
}
else {
  # Only write back_to when you arrive at the login page without data
  $this->Session->write('back_to', $this->referer());
}

CakePHP login method read session if exists for redirect

3 Answers