Yii Framework Forum: Endless Redirect At Login - Yii Framework Forum

Jump to content

Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

Endless Redirect At Login Rate Topic: -----

#1 User is offline   rall0r 

  • Standard Member
  • PipPip
  • Yii
  • Group: Members
  • Posts: 181
  • Joined: 11-November 10
  • Location:Bln

Posted 16 August 2013 - 03:25 AM

Hi,

we use the feature "accessRules" for actions to decide, if an user is allowed to see content or not.
If an user tries to get an action (for example actionSendMail) which is only accessible for users which are logged in, so the rule calls the login-procedure. The login procedure tries to login the user, set the username and isGuest flag to true or false and redirects the user back to the action where he was coming from (in this example actionSendMail)

This works well, as long the user can be logged in. But if the login in is not successful, the login procedure set the isGuest flag and redirects back to the action where the users comes from (in this example actionSendMail), which is okay. In this case, the action knows, that the user need to be logged in for that action an starts the login procedure again, which results in endless logins tries.

So my question is: is there a way to avoid an 2nd login, if the first fails? Maybe there is an option I can set at the accessRules array?

Thank you.
0

#2 User is offline   Ankit Modi 

  • Master Member
  • PipPipPipPip
  • Yii
  • Group: Members
  • Posts: 890
  • Joined: 19-February 13
  • Location:India

Posted 16 August 2013 - 04:08 AM

can you post the code?
Thanks,
Ankit Modi
Skype : amodi06
0

#3 User is offline   rall0r 

  • Standard Member
  • PipPip
  • Yii
  • Group: Members
  • Posts: 181
  • Joined: 11-November 10
  • Location:Bln

Posted 16 August 2013 - 04:28 AM

Which one? The code for the accessRules or the login procedure ?
0

#4 User is offline   Ankit Modi 

  • Master Member
  • PipPipPipPip
  • Yii
  • Group: Members
  • Posts: 890
  • Joined: 19-February 13
  • Location:India

Posted 16 August 2013 - 04:43 AM

Both accessRules and login action
Thanks,
Ankit Modi
Skype : amodi06
0

#5 User is offline   nineinchnick 

  • Master Member
  • PipPipPipPip
  • Yii
  • Group: Members
  • Posts: 622
  • Joined: 12-September 11
  • Location:Bialystok, Poland

Posted 16 August 2013 - 01:19 PM

Why would you redirect the user back to the original page after a failed login attempt? Shouldn't he stay on the login form to correct his credentials and try again?

Redirect him back only after successful login.
Don't be a dick.
0

#6 User is offline   codesutra 

  • Advanced Member
  • PipPipPip
  • Yii
  • Group: Members
  • Posts: 596
  • Joined: 15-March 11
  • Location:India

Posted 16 August 2013 - 01:51 PM

i think you should have to use some handle action where you can send user after failed login.Till that time hold the return url in session then send him again on return url if Login is successful.

So, basically you need to change your approach here.else you are going to face this problem for long time.
And also please dont forget to unset your session variable where you are keeping your return url. Otherwise its going to be big prob for you. ;)
CodeSutra
0

#7 User is offline   rall0r 

  • Standard Member
  • PipPip
  • Yii
  • Group: Members
  • Posts: 181
  • Joined: 11-November 10
  • Location:Bln

Posted 17 September 2013 - 04:10 AM

Quote

Why would you redirect the user back to the original page after a failed login attempt? Shouldn't he stay on the login form to correct his credentials and try again?

There is no "login form". The user will be logged in by browser certificate...
...and will be returned to the original page to use this page/application as guest with an degraded set of functions.
0

#8 User is offline   nineinchnick 

  • Master Member
  • PipPipPipPip
  • Yii
  • Group: Members
  • Posts: 622
  • Joined: 12-September 11
  • Location:Bialystok, Poland

Posted 17 September 2013 - 09:19 AM

You could specify your own 'deniedCallback' property in accessRules. By default it calls this method:
protected function accessDenied($user,$message)
{
    if($user->getIsGuest())
        $user->loginRequired();
    else
        throw new CHttpException(403,$message);
}

You'd have to use some property to indicate that a user is a guest BUT he already attempted logging in. Like a three state value in isGuest instead of just boolean true/false.
Don't be a dick.
0

#9 User is offline   rall0r 

  • Standard Member
  • PipPip
  • Yii
  • Group: Members
  • Posts: 181
  • Joined: 11-November 10
  • Location:Bln

Posted 20 September 2013 - 08:42 AM

@nineinchnick
You have got the solution! :-) Thank you!!
0

Share this topic:


Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users