Easily persist destinations

Not sure if I understand this correctly, but from my scan of the code it seems like it. If I do understand correctly:

1. User clicks on an e-mail or web link to an article on a page.
2. Authentication is required.
3. User gets redirected to log in.
4. User logs in.
5. User gets redirected to the original article they requested.

If that is what this patch enables me to do, I am +20 for it :)

Regards,

Kobus

very nice idea.

I've been using a hack to get this functionality on my current site. It should DEFINITELY be part of the core. If anyone wants to build a theme that doesn't have a login box on every page, this is absolutely necessary.

++1

Well it does not affect the default Drupal login process, but if a theme wants to put a login link on its pages rather than the Drupal-esque login form-on-every-page, then the appropriate way would be to use:

print l(t('Login/Register'), 'user/login', array(), drupal_get_destination());

The idea being that users would get sent to http://www.example.com/user/login?destination=the_node_they_came_from
However, because the destination does not persist, they don't get sent back to the node they came from. Instead they get sent to their user page.

Unless I'm reading it wrong, this patch fixes drupal_get_destination() so that everything works as it should and the user ends up logged in and back at the original node.

-Jeff

Not to blow my own trumpet... well actually I am.

Kobus: The patch that you are looking for the one that I did a month or so ago. Basically if you get a 403 and you are not logged in you will get a login page and then once you have loged it will redirect you back to the page that you we denied access to. This patch is more of an API level change where you are going to need to do some coding before you can make use of it.

I have not yet been able to convince Dries that you cannot do this in Drupal. He has been a little busy laterly so I have not bugged him.

As for this patch. +1 I like it. The idea of not having a login page on a theme, but still come back to the current page is great.

opps forgot the url.

http://drupal.org/node/24050

I tested this patch and it works as expected. By tacking on a destination parameter to the URI I was able to control for example, where the login form takes a user after successful authentication. This is especially helpful for the ecommerce package to redirect users back to the checkout process after logon.

I did some basic security checks to make sure a user couldn't redirect to an absolute URL or traverse web directories, but I still ponder the implications are of allowing anyone to control the destination after a form submit on my site.

That could just be the control freak in me coming out in full swing.

In Simplenews module, I implemented a small hack to cope with redirection when deleting a newsletter. I applied destination.patch, removed the hack from simplenews.module and tested it: it works like a charm.
+1 for me.

Committed to HEAD. Thanks.

smaller version of original patch which can be applied to 4.6.3

This never got applied to 4.6.

Anyway, I confirm that it applies and it works. It should stay here, because this really fixes a bug with the drupal_get_destination()

This is already in core.