I have a server side server action setup on a content page - which is used as security restrict.
This content page - page1 - has layout page - layout1.
My login page - login1 - has a different layout page - layout2.
Post login, I get redirected to a secure page, which is ok.
Now, when I click some link with internal redirection (anchor or browser), the content page page1 is not accessible to the logged in user, so they should get redirected to login page.
For this, my server side server action has a redirect step.
But at this point, rather than loading the layout2 with login1, login1 gets loaded inside layout1.
From the web server logs, what I could understand is that the internal redirection was requesting a “template”, and when the redirect step was encountered, it just returned the login1 content page, instead of both layout and content.
If this is an expected behaviour, how do I redirect user to login page?
Maybe a checkbox to do “non-internal” redirection could work?
Please help.
From what I understand, the SPA is based on a layout page wiith child content pages. Anything outside of that is not regarded as part of the single page.
In your case, I would have a static login page that communicates with the SPA through normal links.
We sort-of tried that as well. In the redirect step, we set the absolute URL of the login page, and it still opened up as content page in layout1.
So, even if the login page was a static page, it would still open inside layout1 from what I understand.
Is it a NodeJS SPA project? I have a similar setup in one of the NodeJS SPA projects, where I have setup two different layouts. The different layouts are applying correctly to the content pages login and page1 respectively when redirecting from another secured page due to security restricts.
Although I haven’t come across any issue with the loading of correct layouts for the login and page1 content pages, I am redirecting the users to their first landing page after login which has the same layout (portal in the screenshot below).
In my setup, when users login, they are redirected to the dashboard page with portal layout. If they click on a link with internal redirection that is not accessible to them, they are redirected back to the dashboard page.
The only reason I set it up this way is because when a user was redirected to the login page after logging in due to security restricts, they were still logged in the application; and the now changed layout page didn’t contain any prompt for them to logout or navigate to another link.
Thanks for the details.
From what I understand, you are doing a forbidden redirect when someone accesses an unaccessible page.
What we are doing is not based on security restrict. Instead, its a direct db query with condition step… Where we logout the user and redirect if they don’t have access.
Maybe we an try with sercurity restrict, but don’t think it will behave any differently.
