Returnurl Always Points To Index.php

trejder · October 15, 2012, 10:00am

Writing here to confirm, and because I don’t have git account, so I can’t rise new issue myself. If bug is confirmed, please start a new issue for me. Thx!

operating system: Windows Seven Home 64-bit
Web server: XAMPP 1.8.1
browser type: Chrome 21
Yii version: 1.1.12

CWebUser.returnUrl always points to “index.php”, if using application only in areas, where you don’t need to login. This is twice inncorrect. First: if user manually login, it will be redirected to index page, instead of page, where he was. Second: it uses “index.php” even if option for showing index.php is disabled in CUrlManager.

Follow these steps (in any Yii application):

ensure you’re logged off,
go to any page that requires user to be logged-in,
login
you’re redirected back to the page you were - i.e. the one you want to open.

Now, follow these steps:

ensure you’re logged off,
go to login page
login
you’re redirected back to home page, not the page you were.

It was discussed many times (here and here for example).

It is a bug! There is no reasonable argument for NOT setting returnUrl for "normal" pages (that do not require login). There is no reasoning for redirecting user to home page after he login, if login was requested manually by him, not by application settings. There is no reasonable argument for solving the same situation two different ways – one for manual login and one for automated loging request.

It many situations, this could be really frustrating - i.e. user is reading some article deep in article tree, login, is redirected to home page and have to manually go back to the article, he read. This small bug can in some situations incluence overall opinion user has on page.

In above mentioned topic (and in many mroe) there are many ways discussed to workaround for this problem. If so many users sees this as a problem and looks for a workaround, then this definatelly have to be done on framework level. Especially, if fixing this is just a few lines of code!

mdomba · October 15, 2012, 10:09am

I don’t understand the above… if you go to the login page… then after login the “return page” would be the login page not the one you where before the login page!

trejder · October 15, 2012, 11:48am

It is me, who doesn’t understand, where do you see a problem? :]

How it is then possible, that you go to page X, Yii discovers, that you have to be logged in, show you the login form and once you’re logged in, you’re back on page X, not on login page?

All I’m asking for is to use the same mechanism as is used for automatically requested logins, for manual ones.

I did not looked into Yii code, so I don’t know, how exactly it is solved now. But I think, that in brief, it could be solved this way: Yii records current page address (route) in returnUrl for every page, not only for those that requires login. Except for login page. Because we know, that if login is successful, we will not want to display this form again. And, if it is not successful, then this form will be displayed again, by logging mechanism.

Or more overall: any solution that will let me to land on the page, where I was, after I login (by manually going to login page). Just as it happens right now, for pages that requires user to be logged in.

I don’t know, how can I express it easier? :]

mdomba · October 15, 2012, 12:29pm

There is a big difference. let’s say we use a default code generated by Gii with a CRUD for the table company.

If I go to the link “myproject/company/create” I want to create / add a new company… so if login is needed Yii redirects me automatically to the login page and then when I’m logged returns me to that page… as that was the page I wanted in the first place.

But

let’s say now I’m on the contact page. I click on the “login” menu option - this time i want to login to the webapp. Why would Yii force me back to the contact page after logging in? Yii is logging me in and returning me to the beginning of the app, if you want something different Yii is letting you code that manually.

On the topics you linked above there is a link to the issue on googlecode, did you read QIang answers there - http://code.google.com/p/yii/issues/detail?id=2778

trejder · October 15, 2012, 7:15pm

Good question: why not? Consider my example. You’re reading an article deep in article tree. You want to vote it, so you’re redirected to login page and then back to article (just like on Yii site, when using thumb up/thumb down). Next time you’re reading the same or different example and you want to login manually. You click “Login” button and are redirected to login page and then to… home page.

Good question: why? I don’t say, this is wrong. It’s just, that I"m an engineer and I need bright, simple explanation, why do we have to introduce difference? Why, when login is forced, I’m returing to the page, where I was, and why, when I login manually, I’m returned to home page? In my opinion, differences should be well supported, because they introduce noise and mess. If there aren’t good arguments for introducing differences, then equality should take place. Each mechanism or organism should introduce minimum possible variations it can. Remember Occam’s razor (http://en.wikipedia.org/wiki/Occam’s_razor)? The number of entities should be limited, not enlarged, per each task.

Number of responses in articles mentioned by me and in others about returnUrl force me to think that most developers thinks, that this should be done internally by Yii. If I’ll have to do this myself, I’ll use request referral, so I’ll be partially duplicating what getReturnUrl is doing right now.

Yes. I’ve read it. Not only I disagree with it, but I think Qiang is talking about something different, then post he relates to is talking about.

Qiang starts his explanation with the sentence: “The first thread post is complaining that returnUrl should be null (or something else) instead of homepage URL”. I’ve read GStar’s post, to which Qiang is refering, two or three times and I haven’t spotted any place where someone would be saying anything about that returnUrl should be empty or null. No, people are complying that returnUrl contains “index.php” instead of real route to page last visited.

Then Qiang says: “The correct way to solve this is to use Yii::app()->user->getReturnUrl($yourUrl). Here $yourUrl will be returned in case returnUrl is not previously remembered”. As someone has pointed out later in that post, getReturnUrl or returnUrl are never empty. They’re always set to “index.php”, in situations, we’re talking about.

To summarize long discussion: If you provide me with any reasonable argument, why returnUrl contains valid route, when login process is forced and why should contain “index.php”, when login is manual, then this will satisfy me enough! Aside of this, I’ll have to implement the code myself, because I clearly see that you don’t follow my arguments, so there are no chances for cnages in Yii code.

jacmoe · October 15, 2012, 9:21pm

You need to handle this in whatever code checks the privileges of the user.

So if you’re being directed to the login page/action because you want to comment, naturally you’d be redirected to the previous page/state.

But, if you login ‘voluntarily’, then you should be logged into whatever page it is you want login to return to. Home page or dashboard - per user preference in some apps.

trejder · October 15, 2012, 9:36pm

After a deeper thoughts and reading some forum posts I’m beginning to think that you (and others, who think the same way) are right.