Slav

Need help with expired session redirect...

11 posts in this topic

Hey Guys! Im new to PW and am working on a website built on PW. Im trying to understand how sessions work in PW. Specifically what exactly is happening when session expires. The thing is that my client wants to be redirected to homepage whenever session expires, so basically he doesnt want to be redirected to admin login page when he's in the admin environment of PW(he doesnt want his clients to see the admin login page for whatever reason). Is it possible to hook to the session expiration and redirect to a specific url? And what is the correct way to do it in PW?

I would appreciate the help!

Cheers!

Share this post


Link to post
Share on other sites

@Slav Welcome to the forum. Take this as a first approach

 

$homeUrl = $pages->get(1)->url;
// Prevent redirect to admin login. Redirect to homepage instead
if (!$user->isLoggedin() && isset($input->get->login)) $session->redirect($homeUrl);
if ($user->isLoggedin() && isset($input->get->login)) $session->redirect($customLoginUrl);

// set custom login/ logout urls
$login = $modules->get('ProcessLogin');
$login->setLoginURL($customLoginUrl);
$login->setLogoutURL($homeUrl);

 

1 person likes this

Share this post


Link to post
Share on other sites

Welcome Slav!

You might also be interested in this one:

Or this one:

Hope this helps.

1 person likes this

Share this post


Link to post
Share on other sites

Thank you guys for the replies!

@kixe

Okey this looks interesting. Where exactly should I use this snipet? And can you explain the logic little bit.. why is $customLoginUrl important there?

@szabesz

I checked the posts that you provided. I am already using this (in site/ready.php file):

wire()->addHookBefore("ProcessLogin::executeLogout", null, "setRedirect");
function setRedirect(HookEvent $event) {
   $event->object->setLogoutURL(wire('pages')->get('/')->httpUrl);
}

And it works great, but it only works when you perform Logout procedure (I needed that aswell though) not when the session expires.

In the other post they talk more about redirecting particular user to home page when he is performing login but its again not exactly what I am looking for. There is some interesting info about templates-admin "default.php" file... how does it work? Do I have to use default.php file? Whats the reason? Can anyone explain to a beginner?

 

Cheers!

Share this post


Link to post
Share on other sites
On 28.4.2017 at 9:02 AM, szabesz said:

Maybe @kixe is talkign about somthing like this (but let's ask him to clarify...):

The code I have posted is taken from a frontend login template. The frontend has a complete suite of register, login and logout templates. I use core processes in the frontend. To prevent redirects to the backend in case of successfull login/ logout or an expired session I set login and logout URLs before I execute the Process. The customers are PW users with very limited permissions.

I gave the admin area a very strange name (default: processwire) like '6gt0klw5a14' to hide it from guests or frontend users.
You can additionally protect the login with a custom cookie or IP filter in your .htaccess file.


Calling any target in the admin area without a valid session will cause render of the Login page instead. Its not recommended to change this.

2 people like this

Share this post


Link to post
Share on other sites

@Slav, another option is to set a redirect URL in the "Access" tab of the template that has restricted access. So if I user attempts to access a page with that template when they are not logged in (for any reason - either they logged out or their session expired) they are redirected to a page of your choosing.

2017-05-01_112745.png.b291e057204d987e39dd2f4df75357b7.png

4 people like this

Share this post


Link to post
Share on other sites
4 hours ago, Robin S said:

@Slav, another option is to set a redirect URL

... but not in admin template. :P

1 person likes this

Share this post


Link to post
Share on other sites
On 1.5.2017 at 2:29 AM, Robin S said:

@Slav, another option is to set a redirect URL

Yeah... I would need to redirect out of the admin template... :/ 

 

On 30.4.2017 at 9:14 PM, kixe said:

The code I have posted is taken from a frontend login template.

I dont think that this is what I need... All I need is not to show the admin login page to the users (ever) if they dont use the direct link to the admin login page. So basically in frontend when users login, they can direct themselves to the admin environment page edit and when they logout from admin environment it will redirect them to frontend. So basically the admin login page is not needed (at least not needed to show to users). But the problem right now is that if user is in admin environment and is editing their page and if the session expires it redirects automatically to admin login page, but what I would need is when the session expires (in admin environment) then redirect to frontend. Usually it is possible to intercept or hook session expiration and do stuff according to that but I don't know how to do that in Processwire...

to sum it all up I need: When session expires redirect to frontend... I have an idea that I am going to try, so I will let you know if it works...

Share this post


Link to post
Share on other sites
On 30.4.2017 at 9:14 PM, kixe said:

Calling any target in the admin area without a valid session will cause render of the Login page instead. Its not recommended to change this.

@kixe Where is it rendered (what file)? I want to explore that part! Thanks!

Share this post


Link to post
Share on other sites

Ok so I managed to get the result that I was searching for! This is what I did:

In site/ready.php file I added this snippet:

wire()->addHookBefore('Page::loaded', function(HookEvent $event) {
    // Get the object the event occurred on, if needed
    $page = $event->object;
    if($page->template->name == "admin" && wire('user')->id === wire('config')->guestUserPageID){
        wire('session')->redirect(wire('pages')->get('/')->httpUrl);
    }
});

I'm not sure if it is the best way to do that, but I was unable to find a way through sessions so desided to try another approach! For me it does exactly what I needed because the website I'm working on has frontend login where you can navigate to page edit according to your permissions, so the admin login page is not necessary. Well at least that's what client wanted!

Anyway thanks guys for help!

1 person likes this

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

  • Similar Content

    • By bmacnaughton
      When I delete a page name, e.g, /cart/, using the admin interface it goes into trash and gets the name /trash/2573.1.11_cart/ .
      I see that, with the Pages::trashed hook that the previous page name (previousPage) can be accessed.
      Where can I more information about what happens when a page is put into trash and what the name means?
    • By Kiwi Chris
      I'd really like Processwire to have a robust page based permissions system rather than just template based out of the box.
      If the page tree is compared to a file system, it would be nice to be able to set owner (user), group (role) and public permissions on a page and have this propagate to sub-pages unless explicitly over-ridden.
      With a large site, it's quite possible to have multiple sections that use the same templates, but where editing needs to be assigned to different people, for different parts of a site.

      I've seen some proofs of concept that have never been updated or maintained, so I'm sure it can be done, but this is a bit of a show-stopper for me with an otherwise excellent CMS.
      I might be able to have a go at something myself, but since this is security related, and I haven't had a go at module development before, it would be really handy to have something robust that just works.
    • By suntrop
      The last days two new sites went online and both got a SSL certificate installed.
      But one has a HTTP problem, although both are configured the same (seem to be). When I run 
      curl -I -L https://www.example.com/
      (http://bit.ly/2pOdjGj)
      it gets redirected to itself again and again. I had a HTTPS redirect in my .htaaccess but have removed it. The home template was configured to use only HTTPS but is now configured to accept both. If I change that to HTTP only, I get and error.
      The origin must come from PW, because all files not processed by PW don't have the redirect problem.
      I had a look at the /site/assets/cache/ folder but don't know what to delete. And there is a cache table in the DB as well. Don't know either if I can just delete its entries.
      Apache 2.4.18 
      PHP 7.0.11
      PW 3.0.42
      No dedicated cache installed, no cache activated in PW
    • By bmacnaughton
      When a PageTable field in a specific template is being edited I need to know the Page that contains the PageTable so I can fill in hidden fields in the PageTable.
      I can capture the page being edited via:
      // $this->addHookBefore('ProcessPageEdit::execute', ... public function pageEditExecuteBefore(HookEvent $e) { $p = $e->object->getPage(); if ($p->template !== 'rtw-product') return; // $p is the page being edited } I can intercept PageTable entry being saved:
      // $this->addHookBefore('Pages::save' public function savePageBefore (HookEvent $e) { $p = $this->wire('page')->id; $page = $e->arguments('page'); $obj = $e->object; $name = $page->name; // page name of PageTable page $template = $page->template->name; // template of PageTable page $parent = $page->parent->name; // parent directory for PageTable items What I am trying to find is the page in which the PageTable field is located.
      I've also tried having pageEditExecuteBefore() saving $p in $this->context and then accessing that in savePageBefore() but it's a different instance of the class because $this->context is null when it gets to savePageBefore(). I could save the page ID in session, but that seems error prone.
      Does anyone know how to achieve this?
    • By NorbertH
      I have a PW page that is about 2 - 3 Years old . 
      After an upgrade to Version 2.6  all  Pages and modules where gone in Admin backend. 
      As i had no time to look after the page i left it like it was for quite a while. 
      Now that i needed to get the Page online again i searched whith google anf fount that i should upgrade the page to PW 2.7.3
      As the Upgrade to 2.6 was done in a hurry , its perfectly possible that i accidentallly upgraded from 2.0 to 2.6. 
      Please have a look at the images to see the desaster in full color ....