Welcome to The Cookbook

While it may be interesting to play with this, be careful about setting it in the app_controller as you can introduce some infinite login loops that are difficult to diagnose. That is especially true if you make the mistake of redirecting it to your login action. If you feel like you have this problem, search through your code where you may have set this variable (you can do it most anywhere) and just comment it out as this is a convenience feature and won't break anything if you uncomment it for 10 minutes.

(... unless the referring url is the loginAction)

I have been testing the loginRedirect variable, and I think that the information in this section is either wrong or misleading.

I put the following code in my UsersController class:

function beforeFilter() {

$this->Auth->loginRedirect = array('controller' => 'users', 'action' => 'direct');

}

I discovered that this caused a redirect to '/users/direct' only when the referring url was '/users/login.' In other words, if I had Auth-protected actions in other controllers, and I tried to access one *before logging in* by typing '/controller/auth_protected_action' then I would get redirected to a login screen with a Message.auth = "You are not authorized to access that location.", but after logging in, I would NOT get redirected to '/users/direct'; instead, I would see the View for 'auth_protected_action'. This held true even if I put the loginRedirect line in a beforeFilter() in AppController.

The way that I have found that loginRedirect actually works is how I was hoping it would work. I was having quite a lot of difficulty figuring out how to handle users' first login. If I tried to direct them to a home page that was Auth-protected, the login screen would also show an error message, whereas I would want it to simply say something like "Please log in to begin." If it directed the user to a welcome page with login boxes but then used '/users/login' to authenticate, the user would simply get redirected back to the welcome page with login boxes. The only option I found was to create a controller action—let's call it '/users/direct'—that was not Auth-protected but that checked to see if the user had logged in by checking is_null($this->Auth->user()). If the user hadn't logged in, '/users/direct' rendered the login view; if the user had logged in, it did whatever else it was supposed to do.

But now, I just add the few lines of code above, and when users first happen upon the site they are directed to '/users/login' (by the pages controller) and then after they log in they are redirected to '/users/direct'. Hurray.

One oddity I discovered along the way:

If you put a beforeFilter() function in one of your controllers it overrides any beforeFilter() you may have put in the AppController. The function does not cascade or inherit, so you must copy any code from AppController::beforeFilter() that you still want to execute into the beforeFilter() inside your controller.

I have been testing the loginRedirect variable, and I think that the information in this section is either wrong or misleading.

I put the following code in UsersController:

function beforeFilter() {

$this->Auth->loginRedirect = array('controller' => 'users', 'action' => 'direct');

}

I discovered that this caused a redirect to '/users/direct' only when the referring url was '/users/login.' In other words, if I had Auth-protected actions in other controllers, and I tried to access one before logging in by typing '/controller/auth_protected_action' then I would get redirected to a login screen with a Message.auth = "You are not authorized to access that location.", but after logging in, I would NOT get redirected to '/users/direct'; instead, I would see the View for 'auth_protected_action'. This held true even if I put the loginRedirect line in a beforeFilter() in AppController.

The way that I have found that loginRedirect actually works is how I was hoping it would work. I was having quite a lot of difficulty figuring out how to handle users' first login. If I tried to direct them to a home page that was Auth-protected, the login screen would show an error message, whereas I would want it to simply say something like "Please log in to begin." If it directed the user to a welcome page with login boxes but then used '/users/login' to authenticate, the user would simply get redirected back to the welcome page with login boxes. The only option I found was to create a controller action—let's call it '/users/direct'—that was not Auth-protected but that checked to see if the user had logged in by checking is_null($this->Auth->user()). If the user hadn't logged in, '/users/direct' rendered the login view; if the user had logged in, it did whatever else it was supposed to do.

One oddity I discovered along the way:

If you put a beforeFilter() function in one of your controllers it overrides any beforeFilter() you may have put in the AppController. It does not cascade or inherit, so you must copy any code from AppController::beforeFilter() that you still want to execute into the beforeFilter() inside your controller.

I have been testing the loginRedirect variable, and I think that the information in this section is either wrong or misleading.

I put the following code in UsersController:

function beforeFilter() {

$this->Auth->loginRedirect = array('controller' => 'users', 'action' => 'direct');

}

I discovered that this caused a redirect to '/users/direct' only when the referring url was '/users/login.' In other words, if I had Auth-protected actions in other controllers, and I tried to access one before logging in by typing '/controller/auth_protected_action' then I would get redirected to a login screen with a Message.auth = "You are not authorized to access that location.", but after logging in, I would NOT get redirected to '/users/direct'; instead, I would see the View for 'auth_protected_action'. This held true even if I put the loginRedirect line in a beforeFilter() in AppController.

The way that I have found that loginRedirect actually works is how I was hoping it would work. I was having quite a lot of difficulty figuring out how to handle users' first login. If I tried to direct them to a home page that was Auth-protected, the login screen would show an error message, whereas I would want it to simply say something like "Please log in to begin." If it directed the user to a welcome page with login boxes but then used '/users/login' to authenticate, the user would simply get redirected back to the welcome page with login boxes. The only option I found was to create a controller action—let's call it '/users/direct'—that was not Auth-protected but that checked to see if the user had logged in by checking is_null($this->Auth->user()). If the user hadn't logged in, '/users/direct' rendered the login view; if the user had logged in, it did whatever else it was supposed to do.

One oddity I discovered along the way:

If you put a beforeFilter() function in one of your controllers it overrides any beforeFilter() you may have put in the AppController. It does not cascade or inherit, so you must copy any code from AppController::beforeFilter() that you still want to execute into the beforeFilter() inside your controller.

Just put parent::beforeFilter() in your Controller's beforeFilter().

This makes sure the AppController's beforeFilter() gets called.

Just unset the key 'Auth.redirect' in your beforeFilter, if you want to force the user to the page you want:

$this->Session->write('Auth.redirect', null);

$this->Auth->loginRedirect = array('controller' => 'bla', 'action' => 'foo');

I always want my login action to go the controller/action I define in $this->Auth->loginRedirect = ... in my app_controller.php beforeFilter method.

I added the line suggested by bjorn in the same beforeFilter such as:

$this->Session->write('Auth.redirect', null);

But there is no change in behavior.

I also have tried adding $this-Session->del('Auth.redirect') to no avail.

The funny thing is, if I add either line to afterFilter, I always end up directed to the index via http://www.domain.com/, which I would expect because I'm clearing Auth.redirect whether set explicitly or not.

Any ideas why this is flat out not working if I try it in beforeFilter?

Ignore my last comment... unless you're having a similar problem.

It turns out I overrode the AppController's beforeFilter with a beforeFilter in my User class, and neglected to call parent::beforeFilter();

Therefore, none of the stuff I was putting in AppController's beforeFilte was respected when routed through any method of User.

I found it helpful to directly set the Auth.Redirect session variable:

$this->Session->write('Auth.redirect', '/bla/foo');

The variable seems to get reset after the user successfully logs in or an unauthorized page is accessed.