[Zope] query variable lost with exUserFolder

Tino Wildenhain tino at wildenhain.de
Thu Aug 26 10:56:00 EDT 2004 

Hi,

Am Do, den 26.08.2004 schrieb Hong Yuan um 16:36:
> Hi there,
> 
> I justed tried out exUserFolder (0.20.1 on Zope 2.7.0) to authenticate 
> part of my site against a PostgreSQL data source, but find that after 
> the user is correctly authenticated by the default docLogin form, the 
> redirect back to the original URL is not working as I expected, in that 
> all the query variables were lost. As an example, the original URL that 
> should be protected by authentication is for example:
> 
> http://192.168.192.128:8080/test/supplier/addItemForm?art=10000261
> 
> It is redirected to the docLogin form by docLoginRedirect.dtml using the 
> following URL:
> 
> http://192.168.192.128:8080/test/supplier/acl_users/redirectToLogin?destination=http://192.168.192.128:8080/test/supplier/addItemForm
> 
> The query_string part of the original URL is now there anymore!
> 
> Having looked at docLoginRedirect.dtml, I noticed that it called 
> makeRedirectPath, which is supposed to calculate the correct redirect 
> path, including query string. But the path is returned in variable 
> destination, which is not ever used in docLoginRedirect. I think this 
> should be a bug.
> 
> Even if the query_string can be preserved by e.g. using dtml-destination 
> in place of dtml-URL in docLoginRedirect.dtml, I still can't get the 
> redirect to work. The docLogin form is using <FORM 
> ACTION="&dtml-destination;" METHOD="POST"> to go back to the original 
> page. But it seems that the ACTION field can't simply take URL with 
> query strings. The URL is correct now, but browser shows a HTTP 500 
> error and displays nothing. Only when I refresh the page does the 
> content get displayed correctly.
> 
> Can someone advise how to get exuserfolder work smoothly with URL with 
> query string?
> 
> Thanks for any advice.
I'm currently ripping out all these redirects from my copy of XUF.
(beside the horrible HTML) I cannot see a good reason to redirect
in the first place. You avoid a lot of headaches when your login
just goes to the current URL. 

The other problematic detail is the handling of POST vs. GET
(or URL vars) in Zope. If you do POST (as most login pages
do for obvious reasons) all get vars on the URL are ignored.
Currently you have to read them from QUERY_STRING and
parse it yourself.

Regards
Tino Wildenhain

More information about the Zope mailing list