I have a multisite setup with SSL only on the main domain, so all SSL pages go there. The sites have a shared cookie_domain. Before enabling this module, I was using hook_form_alter to set $form['#action'] so that the user would be redirected to the page they logged in on. This module also uses $form['#action'], so it's overriding mine.

I need a way for the form to include an additional variable that contains the original page and doesn't get lost when this module does its thing. What I am thinking of doing is using that to insert some kind of Continue link in the https page the user ends up on, so they can go back to where they were. Along with using it to set the theme this should make for a more seamless user experience.

(It would still be nice to have them redirect all the way back to where they logged in, but I will need the other solution anyway to deal with some of the other pages that are secure, or if they logged in from /user rather than the login block).

Any help would be much appreciated.

Comments

Kalorlo’s picture

It's a bit more complicated than I thought. I have a number of different things I have to solve separately.

1) The login block's create new account and request new password links. For these I think I need to modify them so that they link directly to the secure page and include a variable in the link that I can use to find out where they were. So they will bypass Secure Pages redirects entirely.

2) Login via the login block. It looks like a hidden field that contains the current url is what I want. I found %server[HTTP_REFERER] suggested as a solution, but that was patched to not work anymore since it was considered a privacy issue for anonymous users.

3) Login via /user. Mostly that's just going to be admin if the site's in maintenance mode so it isn't as much of a priority. Possibly just stick a mini-banner content block in there for each site so you can choose which one you wanted yourself, and only if there isn't a referrer variable in the link.

(On the off-chance someone else is looking for this).

Kalorlo’s picture

Title: Need a way to use my own hook_form_alter as well as this module's » Need to keep track of which subdomain the login block was used on - this module interferes

I got further and am now using a custom submit handler to set $form_state['redirect'] in my own module. I can get this to redirect always, but when I try to redirect conditionally I have problems. I get the current url using

$current = url($_GET['q'], array('absolute' => true));

I extract the subdomain (or www) from this, see if it's the one I want and use it to alter the register link in the login block. This works fine.

If I try to tell it to use my custom submit handler in that same if statement, the custom submit never fires. I've also tried using the custom submit handler always and having the originating page in a field that I can check in $form_state['values'] in the submit handler, but I always get the value for my main site, not my subdomain.

I assume that this module secures the login block by doing something like submitting the form from my main site (which is where the secure pages are) and so is rechecking the current url and getting that one instead. So how do I manage to pass the correct information all the way through so it can be picked up on?

(If I switch off Secure Pages Hijack Prevention, my submit handler works as expected and I get the correct url).