FAQ
hi, everybody,


Take this scenario:
a user who has yet to login tries to access a path that is only for
logged in users.
Assume it is www.lginsurance.com.au/subcriptions/add.


Hence, in my index.tt2, upon displaying a message indicating that the
current user has yet to log in, I also display the log in form.

----------------- extract from index.tt2 - starts ------------------

[% IF Catalyst.user_exists %]
[% PROCESS "menu.tt2" %]
[% ELSE %]
User has not logged in.
[% PROCESS "login.tt2" %]
[% END %]


----------------- extract from index.tt2 - ends ------------------



upon successful login, how do i get redirect users back to the page they
wanted to access previously (which is
www.lginsurance.com.au/subcriptions/add)? At the moment, upon successful
login, menu.tt2 will be called.

Thank you.


K. akimoto

Search Discussions

  • Devin Austin at Apr 18, 2009 at 1:38 am
    here's one way to do it:
    http://dev.catalystframework.org/wiki/wikicookbook/nextpageredirect
    On Fri, Apr 17, 2009 at 7:34 PM, wrote:


    hi, everybody,


    Take this scenario:
    a user who has yet to login tries to access a path that is only for
    logged in users.
    Assume it is www.lginsurance.com.au/subcriptions/add.


    Hence, in my index.tt2, upon displaying a message indicating that the
    current user has yet to log in, I also display the log in form.

    ----------------- extract from index.tt2 - starts ------------------

    [% IF Catalyst.user_exists %]
    [% PROCESS "menu.tt2" %]
    [% ELSE %]
    User has not logged in.
    [% PROCESS "login.tt2" %]
    [% END %]


    ----------------- extract from index.tt2 - ends ------------------



    upon successful login, how do i get redirect users back to the page they
    wanted to access previously (which is
    www.lginsurance.com.au/subcriptions/add)? At the moment, upon successful
    login, menu.tt2 will be called.

    Thank you.


    K. akimoto

    _______________________________________________
    List: Catalyst@lists.scsys.co.uk
    Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
    Searchable archive:
    http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
    Dev site: http://dev.catalyst.perl.org/


    --
    Devin Austin
    http://www.codedright.net
    http://www.dreamhost.com/r.cgi?326568/hosting.html - Host with DreamHost!
    -------------- next part --------------
    An HTML attachment was scrubbed...
    URL: http://lists.scsys.co.uk/pipermail/catalyst/attachments/20090417/faf62a1a/attachment.htm
  • Oliver Charles at Apr 18, 2009 at 12:02 pm
    On Sat, Apr 18, 2009 at 2:34 AM, wrote:>
    hi, everybody,

    [snip]

    upon successful login, how do i get redirect users back to the page they
    wanted to access previously (which is
    www.lginsurance.com.au/subcriptions/add)? At the moment, upon successful
    login, menu.tt2 will be called.
    At work we do this with http://tr.im/j75v . If an action requires the
    user to be authenticated, they call $c->forward('/user/login'). If
    they are logged in, that action returns immediately and the action can
    continue. Otherwise, the current URI is stored in session, and the
    login form is presented. Then, when the login is successful, the URI
    is restored, and the user is redirect.

    However... after seeing Devin's approach, which is essentially the
    same but without the session, I may change to that. I believe the two
    approaches are essentially the same though.

    --
    Oliver Charles / aCiD2
  • K. Akimoto at Apr 18, 2009 at 1:19 pm
    Hello, everyone!

    thank you for your recommendations.
    I have looked at the
    http://dev.catalystframework.org/wiki/wikicookbook/nextpageredirect link
    and
    http://search.cpan.org/~hkclark/Catalyst-Manual-5.7020/lib/Catalyst/Manual/Tutorial/Authentication.pod.

    Here's an extract, "As discussed in the previous chapter of the
    tutorial, flash allows you to set variables in a way that is very
    similar to stash, but it will remain set across multiple requests. Once
    the value is read, it is cleared (unless reset).".


    I tried using FLASH and yet it doesn't work for me.
    The value I set in the flash gets lost after a redirect. Sorry to ask
    but does flash really work and is it reliable? I know setting stuff in
    the session variable is definitely reliable.

    Here are some extracts.

    1) I access www.lginsurance.com.au/subscriptions/add
    2) Since I am not logged in, Root->auto() kicks in and calls Login->index()
    3) The path which I am requesting for (being '/subscriptions/add') gets
    stored in the flash, $c->flash->{'requested_page'}
    4) Looking at the debugging messages printed from Login.pm->, the
    $c->flash->{'requested_page'} is empty (ie lost!)
    5) The login form appears in my web browser and I log in.
    6) All good in that I have authenticated myself but the page that loads
    is the main menu (instead of the
    page I previously wanted which is
    www.lginsurance.com.au/subscriptions/add).

    Does flash really work or should I just use the session variable?


    -------- Root.pm (start) ----------------------------------------------

    sub auto : Private {
    my ($self, $c) = @_;

    $c->log->debug(" Root.pm -> auto and path is ". $c->req->path() );

    if ($c->controller eq $c->controller('Login')) {
    $c->log->debug(" Root.pm -> auto - asked for login path");
    return 1;
    }
    else{
    if ($c->user_exists())
    {
    my $requested_page = $c->flash->{'requested_page'};
    $c->log->debug(" Root.pm -> auto - USER's logged in.
    Proceed.($requested_page)");

    if ( $requested_page )
    {
    $c->log->debug(" Root.pm -> auto - Requested Path is
    getting redirected to.");
    $c->response->redirect(
    $requested_page
    );
    $c->log->debug(" Root.pm -> auto - BACK FROM
    REDIRECTION... ");
    }
    return 1;
    }
    else
    {
    $c->log->debug(" Root.pm -> auto - USER's not logged in.
    Forcing login and setting 'requested_page' = ". $c->req->pat
    h() );
    $c->flash->{'requested_page'} = $c->req->path();

    $c->log->debug(" Root.pm -> auto - USER's not logged in.
    RECHECKING THE 'requested_page' = ". $c->req->path() );

    $c->response->redirect($c->uri_for('/login'));
    return 0;
    }

    }

    -------- Root.pm (end ) ----------------------------------------------

    -------- Login.pm (start ) ----------------------------------------------

    sub index : Private {
    my ($self, $c) = @_;
    $c->log->debug( " in login .pm " );
    my $requested_page = $c->flash->{'requested_page'};
    $c->log->debug(" Login.pm -> index- the path for requested_page is
    .($requested_page)");

    # Get the username and password from form
    my $username = $c->request->params->{username} || '';
    my $password = $c->request->params->{password} || '';

    # If the username and password values were found in form
    if ($username && $password) {
    # Attempt to log the user in

    if ($c->login($username, $password))
    {
    $c->log->debug(" Login.pm [authenticated current user] ->
    index... ");


    # If successful, then let them use the application
    $c->response->redirect( $c->uri_for('/') );
    return 1;
    }
    else
    {
    # Set an error message
    $c->stash->{error_msg} = "Bad username or password.";
    }
    }

    # If either of above don't work out, send to the login page
    $c->stash->{template} = 'login.tt2';

    return 1;
    }


    -------- Login.pm (end ) ----------------------------------------------



    Quoting Oliver Charles <oliver.g.charles@googlemail.com>:
    On Sat, Apr 18, 2009 at 2:34 AM, wrote:>
    hi, everybody,

    [snip]

    upon successful login, how do i get redirect users back to the page they
    wanted to access previously (which is
    www.lginsurance.com.au/subcriptions/add)? At the moment, upon
    successful
    login, menu.tt2 will be called.
    At work we do this with http://tr.im/j75v . If an action requires
    the
    user to be authenticated, they call $c->forward('/user/login'). If
    they are logged in, that action returns immediately and the action
    can
    continue. Otherwise, the current URI is stored in session, and the
    login form is presented. Then, when the login is successful, the URI
    is restored, and the user is redirect.

    However... after seeing Devin's approach, which is essentially the
    same but without the session, I may change to that. I believe the
    two
    approaches are essentially the same though.

    --
    Oliver Charles / aCiD2

    _______________________________________________
    List: Catalyst@lists.scsys.co.uk
    Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
    Searchable archive:
    http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
    Dev site: http://dev.catalyst.perl.org/

  • K. Akimoto at Apr 18, 2009 at 1:34 pm
    Hello, everyone!
    I just implemented the change by storing the value of the path that I
    wish to access into the session.
    It works:)

    Nevertheless, I would still like to find out about your thoughts on flash.

    Thank you

    K. akimoto


    Quoting kakimoto@tpg.com.au:
    Hello, everyone!

    thank you for your recommendations.
    I have looked at the
    http://dev.catalystframework.org/wiki/wikicookbook/nextpageredirect
    link
    and
    http://search.cpan.org/~hkclark/Catalyst-Manual-5.7020/lib/Catalyst/Manual/Tutorial/Authentication.pod.
    Here's an extract, "As discussed in the previous chapter of the
    tutorial, flash allows you to set variables in a way that is very
    similar to stash, but it will remain set across multiple requests.
    Once
    the value is read, it is cleared (unless reset).".


    I tried using FLASH and yet it doesn't work for me.
    The value I set in the flash gets lost after a redirect. Sorry to
    ask
    but does flash really work and is it reliable? I know setting stuff
    in
    the session variable is definitely reliable.

    Here are some extracts.

    1) I access www.lginsurance.com.au/subscriptions/add
    2) Since I am not logged in, Root->auto() kicks in and calls
    Login->index()
    3) The path which I am requesting for (being '/subscriptions/add')
    gets
    stored in the flash, $c->flash->{'requested_page'}
    4) Looking at the debugging messages printed from Login.pm->, the
    $c->flash->{'requested_page'} is empty (ie lost!)
    5) The login form appears in my web browser and I log in.
    6) All good in that I have authenticated myself but the page that
    loads
    is the main menu (instead of the
    page I previously wanted which is
    www.lginsurance.com.au/subscriptions/add).

    Does flash really work or should I just use the session variable?


    -------- Root.pm (start)
    ----------------------------------------------

    sub auto : Private {
    my ($self, $c) = @_;

    $c->log->debug(" Root.pm -> auto and path is ". $c->req->path()
    );

    if ($c->controller eq $c->controller('Login')) {
    $c->log->debug(" Root.pm -> auto - asked for login path");
    return 1;
    }
    else{
    if ($c->user_exists())
    {
    my $requested_page = $c->flash->{'requested_page'};
    $c->log->debug(" Root.pm -> auto - USER's logged in.
    Proceed.($requested_page)");

    if ( $requested_page )
    {
    $c->log->debug(" Root.pm -> auto - Requested Path
    is
    getting redirected to.");
    $c->response->redirect(
    $requested_page
    );
    $c->log->debug(" Root.pm -> auto - BACK FROM
    REDIRECTION... ");
    }
    return 1;
    }
    else
    {
    $c->log->debug(" Root.pm -> auto - USER's not logged
    in.
    Forcing login and setting 'requested_page' = ". $c->req->pat
    h() );
    $c->flash->{'requested_page'} = $c->req->path();

    $c->log->debug(" Root.pm -> auto - USER's not logged
    in.
    RECHECKING THE 'requested_page' = ". $c->req->path() );

    $c->response->redirect($c->uri_for('/login'));
    return 0;
    }

    }

    -------- Root.pm (end )
    ----------------------------------------------

    -------- Login.pm (start )
    ----------------------------------------------

    sub index : Private {
    my ($self, $c) = @_;
    $c->log->debug( " in login .pm " );
    my $requested_page = $c->flash->{'requested_page'};
    $c->log->debug(" Login.pm -> index- the path for requested_page
    is
    .($requested_page)");

    # Get the username and password from form
    my $username = $c->request->params->{username} || '';
    my $password = $c->request->params->{password} || '';

    # If the username and password values were found in form
    if ($username && $password) {
    # Attempt to log the user in

    if ($c->login($username, $password))
    {
    $c->log->debug(" Login.pm [authenticated current user]
    ->
    index... ");


    # If successful, then let them use the application
    $c->response->redirect( $c->uri_for('/') );
    return 1;
    }
    else
    {
    # Set an error message
    $c->stash->{error_msg} = "Bad username or password.";
    }
    }

    # If either of above don't work out, send to the login page
    $c->stash->{template} = 'login.tt2';

    return 1;
    }


    -------- Login.pm (end )
    ----------------------------------------------



    Quoting Oliver Charles <oliver.g.charles@googlemail.com>:
    On Sat, Apr 18, 2009 at 2:34 AM, wrote:>
    hi, everybody,

    [snip]

    upon successful login, how do i get redirect users back to the
    page
    they
    wanted to access previously (which is
    www.lginsurance.com.au/subcriptions/add)? At the moment, upon
    successful
    login, menu.tt2 will be called.
    At work we do this with http://tr.im/j75v . If an action requires
    the
    user to be authenticated, they call $c->forward('/user/login'). If
    they are logged in, that action returns immediately and the action
    can
    continue. Otherwise, the current URI is stored in session, and the
    login form is presented. Then, when the login is successful, the URI
    is restored, and the user is redirect.

    However... after seeing Devin's approach, which is essentially the
    same but without the session, I may change to that. I believe the
    two
    approaches are essentially the same though.

    --
    Oliver Charles / aCiD2

    _______________________________________________
    List: Catalyst@lists.scsys.co.uk
    Listinfo:
    http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
    Searchable archive:
    http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
    Dev site: http://dev.catalyst.perl.org/




    _______________________________________________
    List: Catalyst@lists.scsys.co.uk
    Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
    Searchable archive:
    http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
    Dev site: http://dev.catalyst.perl.org/

  • Jay Shirley at Apr 18, 2009 at 10:06 pm

    On Sat, Apr 18, 2009 at 10:19 PM, wrote:

    Hello, everyone!

    thank you for your recommendations.
    I have looked at the
    http://dev.catalystframework.org/wiki/wikicookbook/nextpageredirect link
    and

    http://search.cpan.org/~hkclark/Catalyst-Manual-5.7020/lib/Catalyst/Manual/Tutorial/Authentication.pod<http://search.cpan.org/%7Ehkclark/Catalyst-Manual-5.7020/lib/Catalyst/Manual/Tutorial/Authentication.pod>
    .

    Here's an extract, "As discussed in the previous chapter of the
    tutorial, flash allows you to set variables in a way that is very
    similar to stash, but it will remain set across multiple requests. Once
    the value is read, it is cleared (unless reset).".


    I tried using FLASH and yet it doesn't work for me.
    The value I set in the flash gets lost after a redirect. Sorry to ask
    but does flash really work and is it reliable? I know setting stuff in
    the session variable is definitely reliable.

    Here are some extracts.

    1) I access www.lginsurance.com.au/subscriptions/add
    2) Since I am not logged in, Root->auto() kicks in and calls
    Login->index()
    3) The path which I am requesting for (being '/subscriptions/add') gets
    stored in the flash, $c->flash->{'requested_page'}
    4) Looking at the debugging messages printed from Login.pm->, the
    $c->flash->{'requested_page'} is empty (ie lost!)
    5) The login form appears in my web browser and I log in.
    6) All good in that I have authenticated myself but the page that loads
    is the main menu (instead of the
    page I previously wanted which is
    www.lginsurance.com.au/subscriptions/add).

    Does flash really work or should I just use the session variable?


    -------- Root.pm (start) ----------------------------------------------

    sub auto : Private {
    my ($self, $c) = @_;

    $c->log->debug(" Root.pm -> auto and path is ". $c->req->path() );

    if ($c->controller eq $c->controller('Login')) {
    $c->log->debug(" Root.pm -> auto - asked for login path");
    return 1;
    }
    else{
    if ($c->user_exists())
    {
    my $requested_page = $c->flash->{'requested_page'};
    $c->log->debug(" Root.pm -> auto - USER's logged in.
    Proceed.($requested_page)");

    if ( $requested_page )
    {
    $c->log->debug(" Root.pm -> auto - Requested Path is
    getting redirected to.");
    $c->response->redirect(
    $requested_page
    );
    $c->log->debug(" Root.pm -> auto - BACK FROM
    REDIRECTION... ");
    }
    return 1;
    }
    else
    {
    $c->log->debug(" Root.pm -> auto - USER's not logged in.
    Forcing login and setting 'requested_page' = ". $c->req->pat
    h() );
    $c->flash->{'requested_page'} = $c->req->path();

    $c->log->debug(" Root.pm -> auto - USER's not logged in.
    RECHECKING THE 'requested_page' = ". $c->req->path() );

    $c->response->redirect($c->uri_for('/login'));
    return 0;
    }

    }

    -------- Root.pm (end ) ----------------------------------------------

    -------- Login.pm (start ) ----------------------------------------------

    sub index : Private {
    my ($self, $c) = @_;
    $c->log->debug( " in login .pm " );
    my $requested_page = $c->flash->{'requested_page'};
    $c->log->debug(" Login.pm -> index- the path for requested_page is
    .($requested_page)");

    # Get the username and password from form
    my $username = $c->request->params->{username} || '';
    my $password = $c->request->params->{password} || '';

    # If the username and password values were found in form
    if ($username && $password) {
    # Attempt to log the user in

    if ($c->login($username, $password))
    {
    $c->log->debug(" Login.pm [authenticated current user] ->
    index... ");


    # If successful, then let them use the application
    $c->response->redirect( $c->uri_for('/') );
    return 1;
    }
    else
    {
    # Set an error message
    $c->stash->{error_msg} = "Bad username or password.";
    }
    }

    # If either of above don't work out, send to the login page
    $c->stash->{template} = 'login.tt2';

    return 1;
    }


    -------- Login.pm (end ) ----------------------------------------------



    Quoting Oliver Charles <oliver.g.charles@googlemail.com>:
    On Sat, Apr 18, 2009 at 2:34 AM, wrote:>
    hi, everybody,

    [snip]

    upon successful login, how do i get redirect users back to the page they
    wanted to access previously (which is
    www.lginsurance.com.au/subcriptions/add)? At the moment, upon
    successful
    login, menu.tt2 will be called.
    At work we do this with http://tr.im/j75v . If an action requires
    the
    user to be authenticated, they call $c->forward('/user/login'). If
    they are logged in, that action returns immediately and the action
    can
    continue. Otherwise, the current URI is stored in session, and the
    login form is presented. Then, when the login is successful, the URI
    is restored, and the user is redirect.

    However... after seeing Devin's approach, which is essentially the
    same but without the session, I may change to that. I believe the
    two
    approaches are essentially the same though.

    --
    Oliver Charles / aCiD2

    _______________________________________________
    List: Catalyst@lists.scsys.co.uk
    Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
    Searchable archive:
    http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
    Dev site: http://dev.catalyst.perl.org/




    _______________________________________________
    List: Catalyst@lists.scsys.co.uk
    Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
    Searchable archive:
    http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
    Dev site: http://dev.catalyst.perl.org/

    Flash works fine, as the tests and documentation state. In fact, the
    documentation you quote shows your problem.

    When you read from the flash, it is cleared. Your login page reads from
    flash, after the auto method sets it and redirects. After the login page is
    displayed, it is no longer set.

    This is why I don't like using either the session or the flash, and instead
    just use hidden parameters (<input type="hidden"...>).

    Then I can also share the links, and it works (I redirect if the user
    already is authenticated). The other thing to think about is to make sure
    that you are only redirecting to a whitelist of domains.

    -J
    -------------- next part --------------
    An HTML attachment was scrubbed...
    URL: http://lists.scsys.co.uk/pipermail/catalyst/attachments/20090419/15809597/attachment.htm
  • Matt S Trout at Apr 19, 2009 at 10:24 am

    On Sun, Apr 19, 2009 at 07:06:14AM +0900, J. Shirley wrote:
    On Sat, Apr 18, 2009 at 10:19 PM, wrote:
    I tried using FLASH and yet it doesn't work for me.
    The value I set in the flash gets lost after a redirect. Sorry to ask
    but does flash really work and is it reliable? I know setting stuff in
    the session variable is definitely reliable.
    That was a really silly question.

    "Does X really work" is basically saying "are the developers idiots?". If it
    didn't work, we'd have a failing test case and be trying to write a patch or
    it'd go into the docs.

    Of course, flash by its nature isn't always safe under e.g. multiple tab
    situations etc. but that's down to -what- it is, not the implementation.
    1) I access www.lginsurance.com.au/subscriptions/add
    2) Since I am not logged in, Root->auto() kicks in and calls
    Login->index()
    Ok, so at this point you haven't changed the URL at all. Why bother changing
    it?

    What I usually do is $c->forward to my login action, which tests for
    __login_user and __login_pass fields and if present, tries to login. If
    that works, it just returns and the request goes on as normal. If not,
    it sets up the login form and does $c->detach.

    For bonus points you can save the POST params (if any) and the HTTP method
    (if not POST) into the login form so you can provide the exact same
    environment - you can't redirect to a POSt request but you -can- allow
    one to continue ...

    --
    Matt S Trout Need help with your Catalyst or DBIx::Class project?
    Technical Director http://www.shadowcat.co.uk/catalyst/
    Shadowcat Systems Ltd. Want a managed development or deployment platform?
    http://chainsawblues.vox.com/ http://www.shadowcat.co.uk/servers/

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
groupcatalyst @
categoriescatalyst, perl
postedApr 18, '09 at 1:34a
activeApr 19, '09 at 10:24a
posts7
users5
websitecatalystframework.org
irc#catalyst

People

Translate

site design / logo © 2022 Grokbase