WebsiteMembership redirect on logoff not working as expected

3 posts by 2 authors in: Forums > CMS Builder: Plugins & Add-ons
Last Post: May 6   (RSS)

By pgplast - May 5

I am building an application on top of CMSB and have encountered a problem.

I am using WebsiteMembership plugin and have set

$GLOBALS['WEBSITE_LOGIN_POST_LOGOFF_URL'] =‘ /index.php’ (a page not requiring login)

My internal pages are protected by the plugin and the code of those pages uses some $SESSION variables to keep track of things happening in the app.

When a user logs off from one of the internal pages, however, instead of being redirected to /index.php, he is taken to the current url and an error is generated because the page code can no longer access $_SESSION variable values.

The _websiteLogin_logoff() function has :

$logoffUrl = coalesce(@$_SERVER['HTTP_REFERER'], $GLOBALS['WEBSITE_LOGIN_POST_LOGOFF_URL'], $currentPageUrl, '/');

and so the redirect should be going to my index.php page before looking further to $currentPageUrl.

Hence, I don’t understand this behavior.

Can you tell me what might be going on?

Thanks.

By daniel - May 5

Hi pgplast,

When logging off, the script first checks for the "HTTP_REFERER" which essentially means that it will always prefer to redirect the user back to the page they clicked the log off link from, unless they directly entered the URL into the browser address bar.

There are a few ways I can think of to handle this in your situation:

  1. On your internal pages, check to see if the user is logged in and if not, redirect them elsewhere, like this:
    <?php
      if (empty( $CURRENT_USER )) { websiteLogin_redirectToLogin(); }
    ?>​

    This also helps users from accidentally navigating to these pages while logged out. You can use redirectBrowserToURL() instead of websiteLogin_redirectToLogin() if you want to redirect to a specific page other than the login page.

  2. Set up your own logoff page that calls user_logoff(), instead of using _websiteLogin_logoff() or ?action=logoff. You can pass whatever URL you want the logged-out users to reach as a parameter to user_logoff().

Let me know if that helps, or if you have any other questions!

Thanks,

Daniel
Technical Lead
interactivetools.com