As I continue to recreate my website in nodejs, I find myself going back to my old topics and responses to refresh my memory on how I set things up in php and adapt it to nodejs.
In my current todo to accomplish, I need to redirect a user back to the page they were on after they get successfully logged in.
I reviewed the following topic:
However, this solution does not appear to work in a nodejs project because the redirect is on the server side, not the client side.
I need advice how to redirect a user to the page they were on prior to being directed to the login page. To further complicate matters a little bit, I use the Facebook Auth, so its not a typical login form, rather just an anchor button.
You have the referer url available in $_SERVER.HTTP_REFERER
So if page A redirects to page B(your login) you can then redirect them back to A as itās stored in the referer header.
Edit: Actually after a second thought I think this wonāt work as the restrict redirect happens on server so that http header will not be set as it comes from the browser.
You could however store in a server session variable the url($_SERVER.URL) you navigated to just before the restrict happens and then redirect to that after a succesful login.
I receive the following error when using the $_SERVER.URL:
{āstatusā:ā500ā,āmessageā:āHttp status code 400. {āerrorā:{āmessageā:āThis authorization code has been used.ā,ātypeā:āOAuthExceptionā,ācodeā:100,āerror_subcodeā:36009,āfbtrace_idā:āAb7wxb5nLwUXfh9wPJObOOaā}}ā,āstackā:āError: Http status code 400. {āerrorā:{āmessageā:āThis authorization code has been used.ā,ātypeā:āOAuthExceptionā,ācodeā:100,āerror_subcodeā:36009,āfbtrace_idā:āAb7wxb5nLwUXfh9wPJObOOaā}}\n at IncomingMessage. (/opt/node_app/lib/oauth/index.js:95:39)\n at IncomingMessage.emit (events.js:327:22)\n at endReadableNT (_stream_readable.js:1221:12)\n at processTicksAndRejections (internal/process/task_queues.js:84:21)ā}
I think it is because I use the Facebook Auth, it is redirecting back in a loop after being approved.
$_SERVER.URL will redirect to itself, so causing a loop. $_SERVER.HTTP_REFERER is a better choice. Also you need to store it on the first visit and then retrieve it again on the second visit when coming back from the login. Logic can be a bit difficult, it is easier to just redirect the user to the index page after they logged in.
There are situations where this wouldn't work very well. Eg during a checkout process, where someone can log in if they an account; going back to the index page having logged in wouldn't be a good option. There are many similar situations.
I mention this because this type of thing is not much of a problem with PHP. Is it fundamentally more difficult using NodeJS? I have yet to start using NodeJS but at some point, I would like to experiment with it.
Inside the API that you use to apply the security restrict, you can save $_SERVER.PATH_INFO in a session variable. You only do this if the user is not logged in and you do it before the security restrict is applied.
Then on successful login you need to redirect the user to that path if that session variable exists and remove the session variable. For example, in mine I output a redirect_path after a successful login:
thank youā¦ is there any quick hack to get the ā?id=93ā to show as well.
I have a large site with about 300 server actions that was dont in php back in the dayā¦ but i dont have to time to redo the routes and links to /profile/93 , so my url is profile?id=93 ā¦
with $_SERVER.PATH_INFO it gives me the URLā¦ but not the ?id=partā¦
EDIT!.. or i might just be forced to do all the routes overā¦ and relink all of itā¦ eishhhhhhhhh
UPDATEā¦ Busy redoing all the routesā¦ not funā¦ but heyā¦ its neededā¦ and thanks for this great solutionā¦
In the login API action - I amended the condition for the session value to look something like {{$_SESSION.page_ref.length()>1}}. This ensures that if there is no session value, then it takes the user to the dashboard.
I must say that these little tips are great, and thank you to every community user adding tips and tricks.
I know this topic is a bit old but Iām struggling with this. I have the setting of the session in my security_check but where do I check for the session variable? If I try to do it in a condition on the security form success I get an error so suspect Iām doing this in the wrong place?
You cannot access $_SESSION variables on the front-end, you can only access inside a Server Action.
The Server Action should return a trip_id (e.g. Set Value step, with that expression $_SESSION.trip_id inside), and then that way you can access the trip_id coming from the Server Action on the front-end.
Can you explain why itās āless professionalā? Thx.
Also - what would the security vulnerability be? If something other than a number that corresponds to the trip is passed it just goes to the users default trip.
to get the ā?id=93ā to show as well.
