1.8.2-RC2 Problem with login (wrong URL) after autologout

Hi

I have a problem with the autologout feature.

My installation is using an alias in Apache to redirect web traffic to the proper folder. The alias is /prezentacje and it works well.
I had to modify .htaccess line to RewriteBase /prezentacje
On this address: http://servername/prezentacje/ I was able to install everything and system works fine except for the autologout.

The logout part works OK - after a set amount of time I am logged out and redirected to the login screen. But when I enter credentials I should be redirected to the webpage I was on during logout, but here is the problem - instead of being redirected to http://servername/prezentacje/“page I was earlier” I am redirected to http://servername/“page I was earlier”. The /prezentacje alias is removed.
The login procedure is OK because the session is created. If at that moment I enter manually correct url the page will be displayed with the correct user logged in.
It seems that only the url of previous page is improperly sent to browser.
I am not sure if it is a problem with the CMS or the URL rewrite in the .htaccess file (I haven’t changed anything else in that file).

Any solutions to this problem?
Thank you!

Peter

When the system detects a session expiration, it will store the current route by calling a routine in the application framework we use (Slim2) - in the same way we generate other links around the application (and the same route that redirects you to the login page to begin with).

This will then be stored in a hidden field on the login page, called priorRoute. It sounds to me like this routine is detecting your URL incorrectly.

This is exactly what it does to determine that link:

// Server params
$scriptName = $_SERVER['SCRIPT_NAME']; // <-- "/prezentacje/index.php"
$requestUri = $_SERVER['REQUEST_URI']; // <-- "/prezentacje/page?test=abc" or "/prezentacje/index.php/page?test=abc"
$queryString = isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : ''; // <-- "test=abc" or ""

// Physical path
if (strpos($requestUri, $scriptName) !== false) {
    $physicalPath = $scriptName; // <-- Without rewriting
} else {
    $physicalPath = str_replace('\\', '', dirname($scriptName)); // <-- With rewriting
}

$env['SCRIPT_NAME'] = rtrim($physicalPath, '/'); // <-- Remove trailing slashes

// Virtual path
$env['PATH_INFO'] = $requestUri;
if (substr($requestUri, 0, strlen($physicalPath)) == $physicalPath) {
    $env['PATH_INFO'] = substr($requestUri, strlen($physicalPath)); // <-- Remove physical path
}

$env['PATH_INFO'] = str_replace('?' . $queryString, '', $env['PATH_INFO']); // <-- Remove query string
$env['PATH_INFO'] = '/' . ltrim($env['PATH_INFO'], '/'); // <-- Ensure leading slash

$env['PATH_INFO'] is then what it uses for the link.

This can be found in /vendor/slim/slim/Slim/Environment.php L#147… any chance you can add some logging to file here to see what is being resolved in each case?

I have added a simple
ECHO $env['PATH_INFO'];
on L#149 and it shows that on any page leading /prezentacje is omitted. For example:
/layout/view
/dashboard/status
/login

If I hover over any link in CMS the link is presented correctly (e.g. http://servername/prezentacje/layout/view) and everything works except the problem in question.

On any login page (also redirected from autologout) $env['PATH_INFO']; is: /login

I don’t know if it says anything new.
If this log is not enough, please suggest which lines I should add to the code.

Can you add logs for:

  • $scriptName
  • $requestUri
  • $queryString

Just below those 3 lines?

Curious!

On the correct login page:
SCRIPT_NAME: /prezentacje/index.php
requestUri: /prezentacje/login
queryString:

On the autologout page it is the same - strange:
SCRIPT_NAME: /prezentacje/index.php
requestUri: /prezentacje/login
queryString:

Sorry, I’ve been diverted to something else the last few days.

I think I’ve traced the problem to /lib/Middleware/WebAuthentication.php L#105

Can you change that line to:

$app->flash('priorRoute', $app->request()->getRootUri() . $app->request()->getResourceUri());

Will this also address this?

That is already fixed in RC2

I have made the change and so far it works correctly on Chrome and Edge :)
I will change the autologout time to a production setting and test it again but it seems that the change you suggested fixed the problem.

Thanks

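An added example (not part of the thread, and not Xibo or Slim code) that splits a request into root and resource parts the way the quoted snippet does, shows why keeping only the resource part drops the /prezentacje alias, and checks a priorRoute value coming back from the hidden login field before it would be used as a redirect target. The function names splitRequest and safePriorRoute and the other.example inputs are hypothetical.

```php
<?php
// Added example: not Xibo or Slim code; function names are hypothetical.

// Split a request into root (alias) and resource parts, as the quoted snippet does.
function splitRequest(string $scriptName, string $requestUri): array
{
    // With rewriting, index.php is absent from the URI, so the root is its directory.
    $root = (strpos($requestUri, $scriptName) !== false)
        ? $scriptName
        : str_replace('\\', '', dirname($scriptName));
    $root = rtrim($root, '/');

    $path = parse_url($requestUri, PHP_URL_PATH); // drops the query string
    if (!is_string($path)) {
        $path = '/';
    }
    if ($root !== '' && ($path === $root || strpos($path, $root . '/') === 0)) {
        $path = (string) substr($path, strlen($root));
    }
    return ['root' => $root, 'resource' => '/' . ltrim($path, '/')];
}

// priorRoute returns from a hidden form field, so treat it as client input:
// accept only a local path under the root, otherwise fall back to the home page.
function safePriorRoute(string $candidate, string $root): string
{
    $home = $root . '/';
    // Reject control characters, backslashes and protocol-relative "//host" forms.
    if (preg_match('/[\x00-\x1f\\\\]/', $candidate) || strpos($candidate, '//') === 0) {
        return $home;
    }
    // Anything outside the alias (including absolute URLs) is not a valid return target.
    return strpos($candidate, $home) === 0 ? $candidate : $home;
}

// Constructed input, modelled on the values logged in the thread.
$r = splitRequest('/prezentacje/index.php', '/prezentacje/layout/view?test=abc');
$resourceOnly = $r['resource'];                 // resource part only: the alias is lost
$rootAndResource = $r['root'] . $r['resource']; // root + resource, as in the suggested change

foreach ([$resourceOnly, $rootAndResource, '//other.example/x', 'https://other.example/'] as $c) {
    printf("%-28s -> %s\n", $c, safePriorRoute($c, $r['root']));
}
```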