To reproduce, turn off access to the front page and log out. The url then reads like this:

/user/login?destination=r4032login

and when a user logs in, they land on an access denied page rather than on the front page.

This only happens if the setting r4032login_redirect_authenticated_users_to is left blank. Setting that is sometimes not an option though since some access denied pages should be shown to authenticated users (eg, if they somehow get a link to edit a node they are not allowed to, redirecting them somewhere without a message is confusing).

Comments

jhedstrom’s picture

Status: Active » Needs review
StatusFileSize
new500 bytes

This patch resolves the issue in my local testing.

dalin’s picture

Status: Needs review » Reviewed & tested by the community

Excellent.

greggles’s picture

@deekayen it seems like there's a repeatable bug description and patch. Anything more you need to review this?

deekayen’s picture

Status: Reviewed & tested by the community » Needs work

The patch doesn't apply anymore.

greggles’s picture

I tried to see where this should apply, I tried rewinding to February 10th (the last commit before the patch was made) and applying the patch, but I just don't see the related code.

@jhedstrom can you re-roll?

pwolanin’s picture

Status: Needs work » Fixed

I think this issue is fixed by the patch in #2103303: Query string parameters not preserved in redirect

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.