Forum OpenACS Development: ad_get_login_url policy for /register/* urls

Collapse
1: ad_get_login_url policy for /register/* urls
Posted by Antonio Pisano on 11/04/15 11:18 AM
Hello everyone,

on an installation we found out this behavior: if one tries to enter a page unauthenticated, it is redirected to the login page. This is ok, one enters credentials and then is redirected to the page he/she was trying to access.

This kind of scenario however doesn't work: one tries to enter a page, gets redirected to the login page, once there clicks again on the login url by mistake. When finally enters credentials it is redirected to the generic user home rather than to the page he/she was accessing before.

This is caused by ad_get_login_url proc, when we can find the following comment:
# We don't add a return_url if you're currently under /register, because that will frequently
# interfere with normal login procedure

I think we can relax this by saying that if we are under /register, we just conserve the eventually existing return_url and otherwise we keep with current behavior.

This could be achieved going from this:

# We don't add a return_url if you're currently under /register, because that will frequently
# interfere with normal login procedure
if { [ad_conn isconnected] && $return_p && ![string match "register/*" [ad_conn extra_url]] } {
if { [security::secure_conn_p] || ![security::RestrictLoginToSSLP] } {
set return_url [ad_return_url]
} else {
set return_url [ad_return_url -qualified]
}
...........

to this:

if { [ad_conn isconnected] && $return_p} {
# if under register/, we just conserve eventually set return_url
if {[string match "register/*" [ad_conn extra_url]]} {
set return_url [ns_set get [ns_getform] return_url]
} elseif { [security::secure_conn_p] || ![security::RestrictLoginToSSLP] } {
set return_url [ad_return_url]
} else {
set return_url [ad_return_url -qualified]
}
..................

this modification has been put on our instance and seems to work properly. However, we run on 5.5 and I've seen many modification have been made to the proc on current version. Does it still apply? If it does I think this change could be desirable for everyone.

http://www.openacs.org/api-doc/proc-view?proc=ad_get_login_url&source_p=1

All the best

Antonio