returnURL in session? Should it be cleared after use?

Hi Folks,

We’re using Yii2 for our customer portal, and after six months of dev, we went live a couple of weeks ago. I seem to have found what seems to be a bug in the Yii framework. It seems that when the returnUrl is saved into the users session, when they hit a page that they need to be logged in to access, that returnUrl is NEVER cleared. - so every time they login (where we call $this->goBack(’/site/index’), that Url is used again.

While that’s a little unexpected, at first it doesn’t seem like a huge issue.

But what if your /site/logout requires a logged in user?

Yep, as soon as the user logs in, they get logged out. EVERY time they log in ;)

Is this expected behaviour? I can get around it by grabbing the code that is executed for goBack, and pull the values out of the session myself (and clear the returnUrl from the session before actually doing the redirect) - but I thought I’d check if it was supposed to work like that first. Every time I’ve implemented something similar in the past, the redirect session variable has been cleared once fetched. I didn’t want to go report a bug for it, only to have someone go ‘No, that’s expected…’.