TargetPathTrait: Redirect to Previous Page

We now have control over where the user goes after registering. But... it's not as awesome as it could be. Let me show you why.

First, look at my app/config/security.yml file. In order to access any URL that start with /admin, you need to be logged in. For example, if I go to /admin/genus, it sends me to the login page.

Thanks to Symfony's form_login system, if we logged in, it would automatically redirect us back to /admin/genus... which is awesome! That's clearly where the user wants to go.

But what if I instead clicked a link to register and submitted that form? Shouldn't that also redirect me back to /admin/genus after? Yea, that would be way better: I want to keep the user's experience really smooth.

How can we do this?

Using TargetPathTrait

Guess what? It's almost effortless, thanks to a trait that was added in Symfony 3.1: TargetPathTrait. In your subscriber, use TargetPathTrait. Then, down in onRegistrationSuccess, add $url = $this->getTargetPath() - a method provided by that trait. Pass this $event->getRequest()->getSession() and for the "provider key" argument, pass main. Provider key is a fancy term for your firewall's name.

42 lines src/AppBundle/EventListener/RedirectAfterRegistrationSubscriber.php
<?php
... lines 2 - 11
class RedirectAfterRegistrationSubscriber implements EventSubscriberInterface
{
use TargetPathTrait;
... lines 15 - 22
public function onRegistrationSuccess(FormEvent $event)
{
// main is your firewall's name
$url = $this->getTargetPath($event->getRequest()->getSession(), 'main');
... lines 27 - 33
}
... lines 35 - 41
}

What's going on here? Well, whenever you try to access a secured page anonymously, Symfony stores that URL somewhere in the session before redirecting you to the login page. Then form_login uses that to redirect you after you authenticate. The TargetPathTrait is just a shortcut for us to read that same key from the session.

If $url is empty - it means the user went directly to the registration page. No worries! Just send them to the homepage.

42 lines src/AppBundle/EventListener/RedirectAfterRegistrationSubscriber.php
<?php
... lines 2 - 11
class RedirectAfterRegistrationSubscriber implements EventSubscriberInterface
{
... lines 14 - 22
public function onRegistrationSuccess(FormEvent $event)
{
... lines 25 - 27
if (!$url) {
$url = $this->router->generate('homepage');
}
... lines 31 - 33
}
... lines 35 - 41
}

Let's try the entire flow. I'll go back to /admin/genus: it redirects me to the login page and sets that session key behind the scenes. Then, I'll manually type in /register - but pretend like we clicked a link. Register as aquanaut6, password turtles.

Booya! Logged in and on the /admin/genus page. That's a kick butt registration form.

Leave a comment!

  • 2018-08-14 Victor Bocharsky

    Hey Lopoi,

    I'm glad you fixed the problem by yourself, it's even better than to get a ready-to-use solution from somebody. Great work!

    Cheers!

  • 2018-08-14 Lopoi Popoi

    Victor Bocharsky , thanks for your quick reply!

    I used exact code from SO link above and codebase from this KNP tutorial.

    Error messages attached in this thread.

    Actually I changed their code a little and replied also at stackoverflow https://stackoverflow.com/q...

    Now all works as expected using kernel events. So it is not a problem anymore.
    Thanks for your attention to my issue!

  • 2018-08-14 Victor Bocharsky

    Hey Lopoi,

    Yeah, if we're talking about FOSUserBundle - I think the easier way to do so is to add an even listener as in example you provided. What about the error, could you show the code that causes those errors?

    Cheers!

  • 2018-08-13 Lopoi Popoi

    Hey @Victor Bocharsky:disqus ,

    looks like in SF4 the easiest way to redirect already logged-in user to route - to use guard system.
    Or may be there is some event to intercept?

    I tried this https://stackoverflow.com/q...
    solution but had error :


    request.CRITICAL: Uncaught PHP Exception Symfony\Component\Security\Core\Exception\AuthenticationCredentialsNotFoundException: "The token storage contains no authentication token. One possible reason may be that there is no firewall configured for this URL." at /home/vagrant/code/tests/sf4/fosuser-starter-kit/vendor/symfony/security/Core/Authorization/AuthorizationChecker.php line 49 {"exception":"[object] (Symfony\\Component\\Security\\Core\\Exception\\AuthenticationCredentialsNotFoundException(code: 0): The token storage contains no authentication token. One possible reason may be that there is no firewall configured for this URL. at /home/vagrant/code/tests/sf4/fosuser-starter-kit/vendor/symfony/security/Core/Authorization/AuthorizationChecker.php:49)"} []
    [2018-08-13 15:15:07] request.CRITICAL: Exception thrown when handling an exception (Symfony\Component\Security\Core\Exception\AuthenticationCredentialsNotFoundException: The token storage contains no authentication token. One possible reason may be that there is no firewall configured for this URL. at /home/vagrant/code/tests/sf4/fosuser-starter-kit/vendor/symfony/security/Core/Authorization/AuthorizationChecker.php line 49) {"exception":"[object] (Symfony\\Component\\Security\\Core\\Exception\\AuthenticationCredentialsNotFoundException(code: 0): The token storage contains no authentication token. One possible reason may be that there is no firewall configured for this URL. at /home/vagrant/code/tests/sf4/fosuser-starter-kit/vendor/symfony/security/Core/Authorization/AuthorizationChecker.php:49)"} []
    [2018-08-13 15:15:07] php.CRITICAL: Uncaught Exception: The token storage contains no authentication token. One possible reason may be that there is no firewall configured for this URL. {"exception":"[object] (Symfony\\Component\\Security\\Core\\Exception\\AuthenticationCredentialsNotFoundException(code: 0): The token storage contains no authentication token. One possible reason may be that there is no firewall configured for this URL. at /home/vagrant/code/tests/sf4/fosuser-starter-kit/vendor/symfony/security/Core/Authorization/AuthorizationChecker.php:49, Symfony\\Component\\Security\\Core\\Exception\\AuthenticationCredentialsNotFoundException(code: 0): The token storage contains no authentication token. One possible reason may be that there is no firewall configured for this URL. at /home/vagrant/code/tests/sf4/fosuser-starter-kit/vendor/symfony/security/Core/Authorization/AuthorizationChecker.php:49)"} []
    [2018-08-13 15:15:07] request.CRITICAL: Uncaught PHP Exception Symfony\Component\Security\Core\Exception\AuthenticationCredentialsNotFoundException: "The token storage contains no authentication token. One possible reason may be that there is no firewall configured for this URL." at /home/vagrant/code/tests/sf4/fosuser-starter-kit/vendor/symfony/security/Core/Authorization/AuthorizationChecker.php line 49 {"exception":"[object] (Symfony\\Component\\Security\\Core\\Exception\\AuthenticationCredentialsNotFoundException(code: 0): The token storage contains no authentication token. One possible reason may be that there is no firewall configured for this URL. at /home/vagrant/code/tests/sf4/fosuser-starter-kit/vendor/symfony/security/Core/Authorization/AuthorizationChecker.php:49, Symfony\\Component\\Security\\Core\\Exception\\AuthenticationCredentialsNotFoundException(code: 0): The token storage contains no authentication token. One possible reason may be that there is no firewall configured for this URL. at /home/vagrant/code/tests/sf4/fosuser-starter-kit/vendor/symfony/security/Core/Authorization/AuthorizationChecker.php:49)"} []

    Please advise.

  • 2018-08-13 Victor Bocharsky

    Hey Lopoi,

    Good question, the default behavior is to redirect already logged-in users to the homepage (or any other page that makes more sense). So yeah, it makes sense do not show login page for those users. But there's a subtle difference: if you use "remember me" functionality ( see https://symfony.com/doc/cur... ) - then we do need to show login form for those users, i.e. users who authenticated as IS_AUTHENTICATED_REMEMBERED so that they can authenticate as IS_AUTHENTICATED_FULLY. IN some parts of our application we do want to require IS_AUTHENTICATED_FULLY from our users - it makes sense for pages that need extra security. For example, on KnpU we do require IS_AUTHENTICATED_FULLY to view invoices. That means if user has IS_AUTHENTICATED_REMEMBERED only and trying to view his invoice - he we'll be redirected to the /login page to log in again as IS_AUTHENTICATED_FULLY and after successful login he will be redirected back to the invoice page.

    Cheers!

  • 2018-08-12 Lopoi Popoi

    Hello KNP Team and thanks for your videos!

    By the way, how can I handle ALREADY logged-in user if he goes to /login page?
    In my case he sees login form still but has logged-in status in web-profiler bar.

  • 2018-07-02 weaverryan

    Hey Yasiru Nilan!

    Great question! If you're using FOSUserBundle in the "normal" way, then you are using the "form_login" mechanism in security.yml. This login system *automatically* redirects back to the previous page, without you needing to do *any* work. This feature actually doesn't come from FOSUserBundle, but is just part of Symfony's core. So, it should automatically work how you want it to. But, here is more information about how to customize where it redirects: https://symfony.com/doc/cur...

    Cheers!

  • 2018-07-01 Yasiru Nilan

    How to do this redirecting to How to do this redirecting to the previous page with login controller.It doesn't have event listeners like registration controller?the previous page with login controller.It doesn't have event listeners like registration controller?