
$_SESSION['redirect'] causes login form to redirect to 404 pages

Project: CustomError
Version: 6.x-1.x-dev
Component: Code
Category: bug report
Priority: normal
Assigned: Unassigned
Status: closed (fixed)

Issue Summary

I think the intended behavior is for the login form to redirect the user ONLY for 403 pages, so that users looking at "Access Denied" pages are redirected to the page they were trying to access once they have logged in. If this is correct, the $_SESSION['destination'] = $_REQUEST['destination'] just needs to be moved a couple lines down, under "case 403:" and above "case 404:". I'd be happy to submit a patch; wasn't sure if I was misunderstanding intended behavior.

Comments

#1

Version: master » 6.x-1.x-dev
Status: active » needs review

I committed a change for this based on your suggestion.

The change should be available in about 9 hours from the time of this message, in the -dev download.

Please test it and see if it fixes the issue, and I will create a stable release.

#2

Using the latest stable AND dev I got an identical behavior: I used the recommended script for redirecting 403 back to the denied page. Once a user logged in he got back to the custom 403 page rather than to the originating page. The reason was that the call to the login page passed in the "destination" parameter the value "customerror/403" rather than the address of the denied page.

I think this is similar to several of the tickets marked as duplicate of this ticket even

I solved it by ripping logintoboggan_destination() from logintoboggan and inserting it immediately after the "case 403" in the function customerror_page. I did not modify the 403 php snippet.

The logintoboggan_destination() comment provides the explanation:

// with custom 403, drupal_get_destination() would return toboggan/denied
// which would show 'Access Denied' after login... what good is that!?
// Because drupal_access_denied() sets $_REQUEST['destination'], and that
// overrides any other setting in drupal_goto(), we manipulate that
// directly here instead of returning values to the form code.
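
An added illustration of the behaviour discussed in this thread, not code from CustomError, LoginToboggan or any commenter: a destination is remembered only for a 403, and it is derived from the originally requested URI rather than from the error page path "customerror/403". The function names, the `/drupal/` base path, the `'node'` front-page fallback, the internal-path check and the sample requests are assumptions made for this sketch.

```php
<?php
// Added illustration, not CustomError or LoginToboggan code. All function
// names are hypothetical; $request_uri and $base_path stand in for the
// values Drupal's request_uri() and base_path() would return.

// Recover the internal path the visitor originally requested.
function example_original_path($request_uri, $base_path, $clean_urls) {
  $relative = (string) substr($request_uri, strlen($base_path));
  if ($clean_urls) {
    return $relative;
  }
  // Without clean URLs the path is in ?q=...; keep the other arguments.
  $qpos = strpos($relative, '?');
  $query = array();
  parse_str($qpos === FALSE ? '' : substr($relative, $qpos + 1), $query);
  $path = (isset($query['q']) && is_string($query['q'])) ? $query['q'] : '';
  unset($query['q']);
  return $path . ($query ? '?' . http_build_query($query) : '');
}

// Destination to hand to the login form, or NULL to remember nothing.
function example_login_destination($status, $request_uri, $base_path, $clean_urls = TRUE) {
  if ((int) $status !== 403) {
    return NULL; // 404 and every other status: no post-login redirect.
  }
  $path = example_original_path($request_uri, $base_path, $clean_urls);
  // Fall back to the front page ('node' is assumed here) when the path is
  // empty, is the error page itself, or does not look like an internal path.
  if ($path === '' || $path[0] === '/' || strpos($path, '://') !== FALSE
      || strpos($path, 'customerror/') === 0) {
    return 'node';
  }
  return $path;
}

// Constructed sample requests: status, request URI, clean URLs enabled?
$samples = array(
  array(403, '/drupal/admin/reports?page=2', TRUE),
  array(403, '/drupal/?q=admin/reports&page=2', FALSE),
  array(404, '/drupal/no-such-page', TRUE),
  array(403, '/drupal/customerror/403', TRUE),
  array(403, '/drupal//other.example/x', TRUE),
);
foreach ($samples as $s) {
  var_export(example_login_destination($s[0], $s[1], '/drupal/', $s[2]));
  echo "\n";
}
```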

#3

Status: needs review » fixed

I committed this to the -dev release. Should be in the tarball about 12 hours from now.

Please download then and test it.

#4

Status: fixed » closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.