Consider a web app having 2 pages: /home and /form .
There is also a login page /login .
Both pages require the user to be logged in. To achieve this, both these pages have the “Content Page Properties” -> “Server Side Data” -> “Server Connect” field selected to “/user” server action. The /user server action has a “Security Restrict” action.
Assume that the user went to one of the pages /form or /home directly, without being logged in.
The “Security Restrict” on the /user API redirects the user to /login .
When the user logs in, on the success of the login action, how do I take the user back to the page where they came from?
If the user had reached the /login page by being redirected from /home, then after login, I want the user to be taken back to /home.
This is usually achieved by attaching a “return_to” URL parameter to the /login page when the “Security Restrict” redirects the user. On successful login, the login page can read the “return_to” GET param and redirect there.
But I am unable to figure out how to send the “return_to” param to the /user API . Could someone help me achieve the above objective?
Within a Server Side Data > Server Connect, on the protected content page or layout, if the user is not logged in, I save the page that the user attempted to load in a session variable.
I would assume then that you are calling your api directly (as would normally be done in an Oauth flow,) which is different from calling it via xhr/ajax.
Thanks @mebeingken . The key information in your post was $_SERVER.PATH_INFO .
One additional thing I want to do is: if the page requested by the user is “/form?utm_source=twitter&utm_medium=paid_social”, then I want the redirect to happen to “/login?utm_source=twitter&utm_medium=paid_social” .
To do this, I needed to know what other variables are available under $_SERVER. So, I added a “Set Value” step, and logged the $_SERVER variable to the console. I saw that there is a “QUERY_STRING” property of the $_SERVER object. I then used it to set the URLs in the “Security Restrict” step.
I replicated this method, thanks for sharing!
However for some reason in my case the $_SERVER.PATH_INFO value is the path to the server connect action for restricting pages /api/LoginRestrict, and because of that so is the value set for the redirect_path.
Got any idea what’s wrong here?
Any idea @mebeingken? I did exactly as you described, but even in the console I can’t see the session value being set.
It works with {{$_SERVER.HTTP_REFERER}} by the way, but then the set page_ref value is the login page path, not the restricted page’s path from which is redirected to login.
Finally, on the login form Success event I set a browser.alert (for testing purposes instead of a browser redirect) that outputs CustomerLogin.data.redirect_path.
This is the alert when the page_ref session is set to $_SERVER.PATH_INFO:
Which is the Security Restrict server action url.
And this is the output when the page_ref session is set to $_SERVER.HTTP_REFERER:
Which is the login form page to which the user was redirect from another Security Restricted page.
Hope this helps to figure out what’s not right here.
Oh and probably needless to say I was logged out while testing and clicked a link to a security restricted page after which I was redirected to the login page
Thanks for the reply Ken!
No, it’s not an internal link. I tested with (dynamic) links to several restricted pages, but also by just entering the link in the browser (like an external link).
