Frontend redirect to requested page after login

The CMS Questions
1

Hello,

I set up a frontend login using this article: https://getkirby.com/docs/cookbook/authentication

Now if I request a protected page ex. /user/settings, the page redirects to /login, the user logs in and then the user homepage is shown (/user/home).
How can I pass the requested url to /login through the go()-method to redirect after successful login?

Thank you, Anton

2

Can you please post the code you are using?

As a guess without seeing your code, you probably just need to set a path for go:

go('/user/settings');
3

You could store the referring page in the user session and then get it from there. Maybe rather then redirecting to a login page, you may want to consider putting the login form directly on the protected page.

1 Like
4

Storing the requested page in the session is safe and easy.

A more deterministic alternative would be to pass it along query parameters.

Instead of redirecting to just /user/login, you could redirect to something like /user/login?continue=settings.
After sanitizing the continue parameter against a whitelist, you put its value in a hidden field in the login form.

You can then read it during the login check and, after sanitizing it again, use it to redirect to the right page.

personally I would recommend doing what texnixe suggested and replace the protected content with a login form, on the requested page itself. So you don’t need any redirect at all.

1 Like
5

And one more thing: If your protected content includes assets like images etc., don’t forget to protect those files as well using an asset firewall like described here: https://getkirby.com/docs/cookbook/asset-firewall

1 Like
6

Yes jimbobrjames, that’s how the code looks atm.

Thank you for the quick help @texnixe and @rasteiner.

I solved the problem as suggested by storing the requested url in the user session temporarily.

@texnixe I am indeed using the firewall – very important! Storing the requested url in the session has the advantage, that this works with the asset firewall as well.

I might try implementing the on-page login, although I don’t see the advantages at the moment.

Thanks, Anton