We are moving our forum in GitHub Discussions. For questions about Phalcon v3/v4 you can visit here and for Phalcon v5 here.

Security Plugin REDIRECT

Hi All,

i've a Security Plugin in a Multi-Module architecture which is responsible of verifying whether a user is allowed to browse the requested page. If still not authenticated, the Plugin uses the Dispatcher to forward the request to the Security controller, which is defined in every module as a derived of a common Security controller class.

Now I'm trying to force the user to surf the appropriate module after authentication but this requires a redirect since no forward is allowed between modules.

One solution is to forward the request to a dedicated Action in Security Controller and then execute the redirect from there, but this would require a way to specify additional parameters during forward (is possible to add extra data to forward call?), and I hope to be able to avoid something ugly such as storing the parameter in session.

Otherwise I need a way to directly call redirect in some way, and that's what I would prefer.

Thanks to all Gianluca


Yes, it is possible to add extra data to forward.

    "action" => "search",
    "params" => array(1, 2, 3)


As far as I understand your problem, it is about user experience? You detect unauthenticated user and you redirect him to a "sign in" form. User provides login, password. When the credentials are fine he is being redirected to the page which he tried to get first.

So I think that you need to somehow save user's desired page. You can save it in session or in a hidden element in a form. I think better option is to save it in session as it is more secure. Phalcon has "session bags" to make saving session data simplier.

//when not being authenticated is detected
$redirect = new Phalcon\Session\Bag('redirect');
$redirect->module = "SomeModule";
$redirect->controller  = "SomeController";
$redirect->action  = "SomeAction";

//then after authentication
$redirect = new Phalcon\Session\Bag('redirect');

In case you don't know them: https://docs.phalcon.io/en/latest/reference/session.html#session-bags.