redirect_back() only works with a valid referrer i.e., links clicked from within the same tab, it won't work for a new tab - that's one reason it will, in some cases, not work for me as a user (I like tabs).
Another way of making the redirect work (even without a referrer) is to have the logic that redirects to your login method append an URI _GET variable called e.g., "redir". Then you only have to have your form put that into a hidden input field (of which the existence is checked after successful login, then redirect to it), or your form's action also contains the ```?redir=...``` part and you can check for the existence of ```\Input::get('redir')``` when the user has successfully logged in.
Yes, I have thought of it. But do I really need to write that myself? I came from CakePHP and it had the exact feature I'm talking about now. You don't need to pass any valuable via GET to redirect to login in Cake. How could it be accomplished with Fuel?
I mean, I think it's a pretty basic thing. I want it to continue seamlessly after successful login.
The challenge here is to determine what the definition of "back" is.
Say you have a URL "/something/edit" that is protected, and redirects to "/login", which displays a login form. The user makes a mistake so the first post fails, the second succeeds. The referrer is useless in this case, since it will point to the previous page, which is "/login" too. And what if I typed in the URL to the login page manually, and my previous page was Google? You don't want to be redirected to that page either.
So you don't want to go back to the previous URL, you want to go back to the previous application function.
So I would say, set a session flash variable containing the return URL when you enter your login action, but only if not already set, and if it points to some URI in your own application. If it is already set, renew it using the Session keep() method to prevent it expiring.
When the user has succesfully logged in, check if the session key exists, and if so, redirect to it.
Note that this has some side effects too, depending on your application.
Say you want to show the user a dashboard page after login, you don't want this redirect back if the login page was requested by the user, instead of by an error situation.
So you'd probably want a different action, and do the above only in case of an error situation.
And for your "Cake" remark: We believe that this kind of functionality is application specific, and therefore has no place in the framework. You might want an automatic login when you hit an access control issue, someone else might not.
Fuel is a framework that doesn't enforce a single pattern upon the developer. That might mean you have to do a bit more work initially (write all this stuff so it can be re-used), but in return gives you the flexibility to create whatever you want, without restrictions.
I understood perfectly. I need to somehow pass the valuable to /login action as to which action the user originally intended to access. Fuel doesn't cover this kind of action because it is too specific of a functionality. Got it!
It's only about 6 lines of code, and you don't need to pass anything if you don't want to, you could use the referrer at this point.
It depends on how you want to implement it. You could also overload Auth, and create a has_access_or_redirect() method, that checks for access, and stores the return URL in the session and redirects to login if the check fails.
Your login action only has to check if the session value exists, and redirect to it if it does.
I personally find this very dangerous. You can easily create redirect loops if there was an access error but there was already a logged-in user. Or the user that has logged in still has no access to the URL originally requested.
So from an architecture point of view, I find this kind of automation dangerous, and not needed. If a user has no access to something, the user should not be able to navigate to it. And if the user goes to it directly, give an error message and redirect back to where the user came from.