问题
i have to do the following stuff :
My website have some restricted pages. Instead of redirecting the user to the login page, I would like the restricted access pages themselves displays the login form. I want this behaviour because i want the user have the information he is on his expected page and he have to login first.
To do this, I have 2 layout: one for public pages and one for restricted acces page. Seems to be the best way to do.
In both of them. I need to have the session component because I have a logout link to execute ajax onlogout from plugin rainlab.user(obviously i have the {% framework %} tag on both)
So, the "public" page layout have component session with security=all and the "restricted" page layout have component session with security=user but no redirection (option -none- in the backend CMS component redirect list ) and the following code
[session]
security = "user"
==
....
{% if not user %}
<p>you have to login first to access this page</p>
{% partial '/account/signin' %}
{% else %}
{% page %}
{% endif %}
....
with this configuration, when i try to access the restricted page, i have a ERR_TOO_MANY_REDIRECTS error.
BUT If i put security=all, this works like a charm but i'm a bit afraid to do weird thing here especially about security.
so my question: is a good thing to want to proceed like this and if not, what can i do to have an equivalent behaviour
(i tought about displaying the expected information on the login page where user is redirect but have no idea how to do, the intented url in session is always affected, even user click more link since he tried to access restricted page)
thanks !
来源:https://stackoverflow.com/questions/43700066/how-to-insert-login-form-in-a-restricted-acces-page-with-good-security