According to the Symfony 2 documentation, by default if a user tries to access a secured page they will be prompted with the login page, and after a successful login they will be redirected to the original page they intended to visit. (Reference)
But in my application the user is always redirected to / no matter whether they try to access mysite.com/blog/post/2/edit.
This is my security.yml:
    jms_security_extra:
        secure_all_services: false
        expressions: true

    security:
        role_hierarchy:
            ROLE_ADMIN:       ROLE_USER
            ROLE_SUPER_ADMIN: [ ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH ]

        providers:
            main:
                entity: { class: Done\PunctisBundle\Entity\User, property: username }

        firewalls:
            dev:
                pattern:  ^/(_(profiler|wdt)|css|images|js)/
                security: false

            main:
                remember_me:
                    key:      "%secret%"   # quoted: a bare leading % is a YAML directive indicator
                    lifetime: 3600
                    path:     /
                    domain:   ~
                pattern:   ^/
                anonymous: ~
                form_login:
                    login_path: /login
                    check_path: /login_check
                logout:
                    path:   /logout
                    target: /

        access_control:
            - { path: ^/login,          roles: IS_AUTHENTICATED_ANONYMOUSLY }
            - { path: ^/signup,         roles: IS_AUTHENTICATED_ANONYMOUSLY }
            - { path: ^/verification,   roles: IS_AUTHENTICATED_ANONYMOUSLY }
            - { path: ^/popup/,         roles: IS_AUTHENTICATED_ANONYMOUSLY }
            - { path: ^/ajax/track,     roles: IS_AUTHENTICATED_ANONYMOUSLY }
            - { path: ^/ajax/socialbox, roles: IS_AUTHENTICATED_ANONYMOUSLY }
            - { path: ^/$,              roles: IS_AUTHENTICATED_ANONYMOUSLY }
            - { path: ^/,               roles: ROLE_USER }

        encoders:
            # md5 with a single iteration is a weak password hash
            Done\PunctisBundle\Entity\User:
                algorithm:        md5
                iterations:       1
                encode_as_base64: false
And the login form:
    <?php $view->extend('DonePunctisBundle:TemplateBases:default.html.php'); ?>
    <?php $view['slots']->start('body') ?>
    <h1 class="worldH1">
        Effettua il <span>login</span> su Punctis<br>e inizia a guadagnare!
    </h1>
    <div id="loginContent" class="container pageContent">
        <?php if (isset($error)): ?>
            <div class="alert alert-error">
                <?php echo $view->escape($error->getMessage()) ?>
            </div>
        <?php else: ?>
            <div class="alert">
                <strong>SEI NUOVO?</strong> Se non hai ancora un account, <a href="#">registrati</a> in meno di un minuto!
            </div>
        <?php endif ?>
        <div id="loginForm">
            <div class="row">
                <div class="span3">
                    <h2>Logina via Social</h2>
                    <p>
                        <a href="#" id="signupFacebookStart" class="socialButton"><?php echo $this->get('translator')->trans('login.via.facebook', array(), 'front'); ?></a>
                    </p>
                    <p>
                        <a href="#" id="signupTwitterStart" class="socialButton tw"><?php echo $this->get('translator')->trans('login.via.twitter', array(), 'front'); ?></a>
                    </p>
                </div>
                <div class="span4">
                    <div id="loginFormCanvas">
                        <h2>Logina via Mail</h2>
                        <form action="<?php echo $view['router']->generate('done_punctis_user_login_check') ?>" method="post">
                            <label class="control-label required" for="login_email">Mail:</label>
                            <?php // last_username comes from user input, so escape it before echoing ?>
                            <input type="text" value="<?php echo isset($last_username) ? $view->escape($last_username) : '' ?>" id="login_email" name="_username" class="input-large">
                            <?php // the password field needs its own id; it previously duplicated login_email ?>
                            <label class="control-label required" for="login_password">Password:</label>
                            <input type="password" name="_password" value="" id="login_password" class="input-large">
                            <label for="remember_me" class="checkbox"><input type="checkbox" id="remember_me" name="_remember_me" checked /> Remember me</label>
                            <?php // this hidden field is what sends every user to / after login ?>
                            <input type="hidden" name="_target_path" value="/" />
                            <button class="btn btn-primary" type="submit">Login</button> <a id="loginForgetPass" href="#">Password Dimenticata?</a>
                        </form>
                    </div>
                    <div class="clear"></div>
                </div>
            </div>
        </div>
    </div>
    <?php $view['slots']->stop() ?>
By default, the form login strategy for the property path is, when a user tries to access a secured page without being authenticated, to store the path in the session before redirecting to the login page. So after successfully logging in, the user is redirected to this path. But there are two ways of disabling this mechanism.
If you set the always_use_default_target_path option to true, no path will be stored and the user will always be redirected to the configured default_target_path (default /) after successfully logging in.
And if you add a _target_path parameter to your request, the user will be redirected to the path this parameter contains after successfully logging in.
So in your example, the user is always redirected to the path / after logging in because you have a _target_path hidden field with the value / in your login form.
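The precedence the answer describes, modelled as an added PHP illustration that is not Symfony's own success handler; the `$options`, `$request` and `$session` arrays, the `_security.<provider_key>.target_path` session key and the `isSafeLocalPath()` check are assumptions made for the example, the last of them being a hardening step the answer itself does not mention.

```php
<?php
// Added illustration, not Symfony's own code: the order in which the answer says
// the post-login target is chosen. $options mirrors form_login keys, $request the
// POSTed fields, $session what the firewall stored before redirecting to /login.
function determineTargetUrl(array $options, array $request, array &$session, $referer = null)
{
    // 1. always_use_default_target_path wins over everything else.
    if (!empty($options['always_use_default_target_path'])) {
        return $options['default_target_path'];
    }
    // 2. A _target_path request parameter (for example a hidden form field).
    if (!empty($request['_target_path']) && isSafeLocalPath($request['_target_path'])) {
        return $request['_target_path'];
    }
    // 3. The path stored in the session when the firewall intercepted the
    //    original request; it is consumed on use.
    $key = '_security.' . $options['provider_key'] . '.target_path';
    if (!empty($session[$key])) {
        $target = $session[$key];
        unset($session[$key]);
        return $target;
    }
    // 4. Optionally the Referer, then the configured default.
    if (!empty($options['use_referer']) && $referer !== null && isSafeLocalPath($referer)) {
        return $referer;
    }
    return $options['default_target_path'];
}
// Hardening added here, not part of the question or answer: accept only a
// relative same-site path, so a tampered _target_path cannot redirect the
// user to another host after login.
function isSafeLocalPath($path)
{
    return is_string($path) && $path !== '' && $path[0] === '/'
        && substr($path, 0, 2) !== '//' && substr($path, 0, 2) !== '/\\';
}

$options = [
    'provider_key'                   => 'main',
    'default_target_path'            => '/',
    'always_use_default_target_path' => false,
    'use_referer'                    => false,
];
// Constructed session state: the user asked for /blog/post/2/edit before login.
$session = ['_security.main.target_path' => '/blog/post/2/edit'];
// With the hidden field from the question, "/" is sent and the stored path is ignored.
echo determineTargetUrl($options, ['_target_path' => '/'], $session), PHP_EOL;
// Without the hidden field, the stored path is used and removed from the session.
echo determineTargetUrl($options, [], $session), PHP_EOL;
```

Removing the hidden `_target_path` input from the form (or leaving it empty) is enough to let the session-stored path take effect again.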