Very strange Redirect loop

fhelix72 · July 20, 2009, 3:46pm

I’ve discovered a strange problem that happens when a user not authenticated (so a Guest) try to access an action that requires the user to be authenticated, in this case the browser try to redirect to the site/login action but it goes in loop and it’s not able to open the login page.

I must specify that I change the standard structure of CRUD Yii, so I don’t have Class1Controller that extends directly CController but, as all my classes shares the same actions I’ve introduced an intermediate extension class in which I have all common actions, so i have

a class MyController that extends CController in which I have all common actions functions,

and then i have single Classes controllers that extends MyController so

Class1Controller that extends MyController

Class2Controller that extends MyController

etc…

I leaved in singles ClassXController only the informations specific of the class like name, defaultaction etc…

I’ve discovered that the loop problem is correlated to the fact I’ve moved the 2 functions

accessRules() and filters()

from ClassXController to MyController, if I leave one of the 2 functions (or both) in the ClassXController the problem disappear. I can’t find an explanation to this, by if I have these 2 functions in MyController (so in the intermediate class) there is the loop, I check also in debug and all seems to be the same, also the url to redirect.

Beneath I attach the 2 functions, that seems to have nothing special. I try with internet explorer and firefox, both goes in loop.

If someone could give me a tips about this, if you think I made something wrong, otherwise I hope this could be of help for other users in future (I lost 2 days to discover this)

thanks

/**


 * @return array action filters


 */


public function filters()


{


	return array(


		'accessControl', // perform access control for CRUD operations


	);


}








/**


 * Specifies the access control rules.


 * This method is used by the 'accessControl' filter.


 * @return array access control rules


 */


public function accessRules()


{


	return array(


		array('allow', 


			'actions'=&gt;array('create','update', 'admin','delete', 'list', 'show'),


			'users'=&gt;array('@'),


		),





		array('deny',  // deny all users


			'users'=&gt;array('*'),


		),


	);


}

olafure · July 20, 2009, 4:09pm

Could you post the Controller that has the login action ?

Also when you do, select the text and click on the “<>” icon in the forum editor, so it is easier to read

pestaa · July 20, 2009, 4:20pm

I firmly believe the problem comes from the fact that the login action (SiteController/actionLogin by default) is forbidden to see for guests, so they have to login to see the login page, but before they have to login to be able to login… and so forth.

When defining accessRules(), make sure you give guests access to reach general site features.




public function accessRules()

{

  return array(

    array('allow',

    'actions'=>array('login'),

    'users'=>array('*')),


[...]

fhelix72 · July 20, 2009, 6:31pm

Great Pestaa,

you’re right, I add ‘login’ in accessRules for ‘*’ and now the redirect goes well.

I only don’t understand why it is not necessary if accessrules is at classeXController level, but the important is that now it functions.

Thank you very much, also to Olafure.

pestaa · July 20, 2009, 6:54pm

I suppose you want to inherint access rules, but that don’t work automatically. In child controllers, you have to merge those rules with something like:




public function accessRules()

{

  return array_merge(parent::accessRules(), array(

    // here you can define rules as usual

  );

}