Automatic redirect to logout on login

Question

Automatic redirect to logout on login

cblp opened this issue 2 years ago · 3 comments

I haven't figured out yet how exactly this happens, but sometimes my website remembers I am on the LogoutR page, and after successful login redirects me to the LogoutR, so I see message You successfully logged in but I'm logged out.

I think, it may be useful to skip LogoutR when trying to save ultimate destination, or when it is read. I can write a pull request, just give me a hint what is the proper solution.

Answer 1 · 2022-11-06T10:19:43.000Z

You could do something like this:

instance YesodAuth App where
 
  onLogin = do
    lookupSession "_ULT" >>= \case
      Just url -> case parseRoute (toSegmentsAndQuery (encodeUtf8 url)) of
        Just LogoutR -> clearUltDest
        _ -> pure ()
      Nothing -> pure ()

Answer 2 · 2022-11-06T18:29:21.000Z

I'm looking at the yesod-scaffold repo (branch postgres). Wouldn't that patch be a nice one for Foundation.hs?
Another possibility might be to implement redirectToReferer and return False if the destination is the logout route. But I'm not sure if the "referer" only refers to the Referer HTTP Header or also to the destination...

Answer 3 · 2022-11-06T20:21:13.000Z

@jezen, it doesn't look like a systematic solution. Yesod already knows what LogoutR is https://github.com/yesodweb/yesod/blob/master/yesod-auth/Yesod/Auth/Routes.hs and defines its behaviour.