Chris89 Posted November 28, 2020 Posted November 28, 2020 So as part of my site integration that I've done, I've added a custom HTML form on my site which will submit login details to the login form on my IPS forum. This works fine, and the user is logged in great. Except when they get logged in, they get redirected back to the forum index, rather than the page they were previously on, on my main site. I've tried adding a base64 encoded 'ref' query string to the URL to provide a redirect URL (i.e. the URL they are on), but this isn't working. It's not so much that it's not working, but just rather by design from what I can gather. I understand why this security measure is in place, to prevent CSRF attacks etc and to prevent redirect to malicious websites. My question really, is, is there some way I can allow IPS to redirect back to my own domain from the login form & the page they were previously on, while keeping this protection in place? It isn't on a seperate subdomain or anything, both the forum and my site are running off the main domain. The only difference is that my forum is in a 'forums' subfolder, and it's redirecting back out of there that I can't currently do. Is this possible? I don't really want to have to modify the core IPS files, so an extension would be better if I have to do any development, but I'd appreciate any advice and guidance on this issue. Thanks guys
Solution Daniel F Posted November 28, 2020 Solution Posted November 28, 2020 We fixed recently a bug which caused the los of the redirect after the login process. This should be resolved in the next release. Chris89 1
Chris89 Posted November 28, 2020 Author Posted November 28, 2020 Fantastic! What sort of timeframe are we looking at? Any way I could fix this now ready in advance of when it's released?
Chris89 Posted February 24, 2021 Author Posted February 24, 2021 (edited) Has this been implemented yet? If so are you able to let me know where abouts in thev PHP this has been done? I've checked the latest version but the login cofde still seems the same... I'm trying to integrate it with my SSO. Edited February 24, 2021 by Chris89
bfarber Posted February 25, 2021 Posted February 25, 2021 On 2/23/2021 at 7:27 PM, Chris89 said: Has this been implemented yet? If so are you able to let me know where abouts in thev PHP this has been done? I've checked the latest version but the login cofde still seems the same... I'm trying to integrate it with my SSO. I expect the next release he was alluding to is 4.6, given that his post was in November and we haven't put out a major maintenance release since then.
Recommended Posts