query variable lost with exUserFolder
Hi there, I justed tried out exUserFolder (0.20.1 on Zope 2.7.0) to authenticate part of my site against a PostgreSQL data source, but find that after the user is correctly authenticated by the default docLogin form, the redirect back to the original URL is not working as I expected, in that all the query variables were lost. As an example, the original URL that should be protected by authentication is for example: http://192.168.192.128:8080/test/supplier/addItemForm?art=10000261 It is redirected to the docLogin form by docLoginRedirect.dtml using the following URL: http://192.168.192.128:8080/test/supplier/acl_users/redirectToLogin?destinat... The query_string part of the original URL is now there anymore! Having looked at docLoginRedirect.dtml, I noticed that it called makeRedirectPath, which is supposed to calculate the correct redirect path, including query string. But the path is returned in variable destination, which is not ever used in docLoginRedirect. I think this should be a bug. Even if the query_string can be preserved by e.g. using dtml-destination in place of dtml-URL in docLoginRedirect.dtml, I still can't get the redirect to work. The docLogin form is using <FORM ACTION="&dtml-destination;" METHOD="POST"> to go back to the original page. But it seems that the ACTION field can't simply take URL with query strings. The URL is correct now, but browser shows a HTTP 500 error and displays nothing. Only when I refresh the page does the content get displayed correctly. Can someone advise how to get exuserfolder work smoothly with URL with query string? Thanks for any advice. Hong Yuan
Hi, Am Do, den 26.08.2004 schrieb Hong Yuan um 16:36:
Hi there,
I justed tried out exUserFolder (0.20.1 on Zope 2.7.0) to authenticate part of my site against a PostgreSQL data source, but find that after the user is correctly authenticated by the default docLogin form, the redirect back to the original URL is not working as I expected, in that all the query variables were lost. As an example, the original URL that should be protected by authentication is for example:
http://192.168.192.128:8080/test/supplier/addItemForm?art=10000261
It is redirected to the docLogin form by docLoginRedirect.dtml using the following URL:
http://192.168.192.128:8080/test/supplier/acl_users/redirectToLogin?destinat...
The query_string part of the original URL is now there anymore!
Having looked at docLoginRedirect.dtml, I noticed that it called makeRedirectPath, which is supposed to calculate the correct redirect path, including query string. But the path is returned in variable destination, which is not ever used in docLoginRedirect. I think this should be a bug.
Even if the query_string can be preserved by e.g. using dtml-destination in place of dtml-URL in docLoginRedirect.dtml, I still can't get the redirect to work. The docLogin form is using <FORM ACTION="&dtml-destination;" METHOD="POST"> to go back to the original page. But it seems that the ACTION field can't simply take URL with query strings. The URL is correct now, but browser shows a HTTP 500 error and displays nothing. Only when I refresh the page does the content get displayed correctly.
Can someone advise how to get exuserfolder work smoothly with URL with query string?
Thanks for any advice. I'm currently ripping out all these redirects from my copy of XUF. (beside the horrible HTML) I cannot see a good reason to redirect in the first place. You avoid a lot of headaches when your login just goes to the current URL.
The other problematic detail is the handling of POST vs. GET (or URL vars) in Zope. If you do POST (as most login pages do for obvious reasons) all get vars on the URL are ignored. Currently you have to read them from QUERY_STRING and parse it yourself. Regards Tino Wildenhain
participants (2)
-
Hong Yuan -
Tino Wildenhain