Force user to redirect if he is logged in

alexey · November 8, 2019, 1:45pm

Hi guys,
I have a login page and server action “login” which uses Security Provider to log in user based on email and password.
On the client side, I use Dynamic event to redirect user on Success to the Home page.
Pretty standard stuff.

The problem.
If user is logged in and goes to /login page, he still see login form. He can fill it and log in again. Everything works, but this is not the most desired logic.
Should be: if user is logged in and goes to /login page, he is redirected to /home page.

Question. How to do this redirect if user is logged in?
How can it be done on the client side? I call server action only after user is pressing “login” button, but redirect should be done if he is just opening this page.

Thanks!

Teodor · November 11, 2019, 9:02pm

Hello,
You can do this by creating a server action, which returns the user details as explained here:

Then run it on page load, if the user is logged the server action will return data, otherwise it will be empty.
So, with the browser component redirect if the server action returns any data.

Or you can use PHP code to check if the session is created and redirect. The session is only created after successful login.

alexey · November 11, 2019, 9:02pm

Thanks, @Teodor, it helped!

alexey · November 12, 2019, 5:50pm

I, tried option with server connect action, but got stuck with redirect.

What I did:

Created Serverconnect action “checkuser” with DB connection, Security Provider and DB Single query returning User.
Added ServerConnect to the clientside fetching this action, and also Dynamic Event On Success, which makes Browser redirect to with conditional route:
checkUserSC.data.currentUser ? ‘/’ : ‘/login’

When the user is logged in it works fine - redirects to the Home page. BUT, the problem is when the user is not logged in, the second route (’/login’) redirects again and again, because obviously it redirects, calls “checkuser” gets null and redirects again.

I need a solution, when Browser component redirects ONLY if checkUserSC.data.currentUser is not empty, and don’t do anything when checkUserSC.data.currentUser is empty.
Unfortunately, the popular way I found here with the the syntax of route (condition ? option1 : option2 ) means that Browser component works every time just choosing route.

Is there any solution here, @Teodor?

mebeingken · November 13, 2019, 1:32am

Hey Alex,

Shouldn’t you just have the redirect on the success event of the the checkuser server connect action and remove the checkUserSC.data.currentUser ? ‘/’ : ‘/login’ stuff?

checkuser will execute on page load, if it is successful (meaning a user is logged in) it will redirect. If it is not successful (because the user is not logged in and therefore the server side will return unauthorized instead of success) do nothing. Then have a redirect on the form action where somebody logs in, and redirect on success for that as well.

–Ken

alexey · November 17, 2019, 12:35pm

Thanks, @mebeingken
I thought about this option.
I made very simple checkuser server action.

But it means, every time unauthorised user opens login page, checkuser returns “unauthorised” 401 error. Which is not good in terms of browser - it gets errors, and it’s not beautiful way of doing things. I’m still puzzled.

I’m sure there is a way to solve it on the client side, based on checkuser server action which returns either null for not-logged-in user, and user_id for logged-in.

alexey · November 17, 2019, 12:43pm

@Teodor, could you explain how to do that?

If serveraction returns any data (user identity), then redirect to ‘/’ route, if serveraction returns empty, then do nothing. Can not find how to do this conditional Browser.goto.

Teodor · November 17, 2019, 1:04pm

Remove the security restrict step from your server action, it’s not needed.
The restrict step is the one returning then 401 status.

tesla · April 13, 2020, 7:21am

@alexey @Teodor. Ok after about 3 hours I have this working. Teodor you were wrong. The server action always returns a success event, even if the the security provider identity is providing a null value.

What this means is…

If there is a session available the ‘on success’ browser redirect happens and you land safely at the linked page as a logged in user.

If there is no session available the ‘on success’ browser redirect happens anyway, which then causes the security restrict on the next page to kick you back to the login page (if you have it set that way) for the SC to check for a session again. This causes an infinite redirect loop.

The way to solve it is to have the server action use a conditional on the security provider.identity value. Upon the condition that gives a null for the security provider value, use the ‘response’ component to send a ‘server failure’ to appconnect. This then prevents the browser redirect infinite loop and the user can log in. If there is a security provider value, the SC component in app connect will receive a ‘success’ signal and happily redirect the user.

Teodor · April 13, 2020, 7:28am

Probably you are doing something wrong. If the user entered is wrong, then the response is 401 unauthorized.
Also what do you mean the identity is null? Its null in what case? Are you users properly stored I the database?

The success event of the server action will run only when the response is 200.
You don’t need any conditions of this kind. Maybe you are doing something wrong either with the redirect on the page or with the security provider setup.

tesla · April 13, 2020, 9:59am

I didn’t have the security restrict step in the server workflow. I apologise your method works.