Document on project page simple solution

Thanks for the idea - cunning. However I'm not sure I would recommend it, except as a short term solution whilst waiting for a stable release.

• You don't get a chance to add an "access denied" header to the log in page.
• This approach serves up the login page with the URL of the denied page. I worry this could cause search engines to index the page (for example if it is linked from somewhere or if the page used to be accessible). Also perhaps browsers or CDNs could cache the page?
• If the user is logged in, the behaviour is slightly odd. In my case, there see access denied (because user can't access /user/login) but it can be in the admin theme instead of the default theme.

@Liam Morland Sorry, you are quite right. I got confused, because the page looks like the login page, and doesn't say "access denied" but of course it is still a 403.

And I've just checked my third point is fine too. Although I was initially nervous about the idea of relying on /user/login to generate an access denied when already logged in, actually it does generate exactly the right message.

So I am starting to realise the benefits of your suggestion, thank you, but that leaves just the first point - there is no message to say "access denied". I feel it would be better to set the 403 page to something that shows a clear access denied message as normal, and then put the login block underneath provided the user is not already logged in. And it should be possible to make a page exactly like that using panels or perhaps with a hook. I will experiment and report any useful ideas here in case it helps anyone else.

This approach is neat because it generates a real 403. This avoids problems like #2855531: Web service requests recieve incorrect status code and the need for the module config parameter r4032login_match_noredirect_pages.

Some experimentation and screenshots.

1) "/user/login". No "Access denied" message. Action links (create/reset password) are missing.
2) Panels+page manager+custom block+login block. (~5 modules and a lot more work than enabling the r4032 module!). Access denied message. Action links are bullets underneath.
3) This module, r4032login. Access denied message. Proper action links. However URL does change.

Your idea is a good one, but in the end I think I might use r4032login.

Interesting. I can't figure out what I am missing.

@Liam Morland, your suggestion is interesting.

However, I think it's not the goal of module project page to explain how to not use the module.

Actually, r4032login provide more features than just displaying the login form on a 403 page and the behavior is quite different than the one you propose.

Maybe you can add a documentation page on drupal.org to provide your tips for other users.

@Nixou thanks for your time.

Actually it was @Liam Morland that raised the issue - I just joined in later. I mostly came along because the module does not yet have a release. If we could have a beta release then hopefully the need for alternative approaches would be less. Thanks!

Yes sorry I was wrong on the pseudonym, I just fixed it in my comment above.

Yeah the goal is to fix all actual issues in 2 next weeks and then I'll release a alpha, beta or stable version (not sure yet).

Great news, thanks!