We are moving our forum in GitHub Discussions. For questions about Phalcon v3/v4 you can visit here and for Phalcon v5 here.

not working 'response->redirect'

        public function beforeExecuteRoute(Event $event, Dispatcher $dispatcher) {

            //Check whether the "auth" variable exists in session to define the active role
            $user = $this->session->get('user');
            if ($user) {
                $role = 'users';
            } else {
                $role = 'guests';

            //Take the active controller/action from the dispatcher
            $controller = $dispatcher->getControllerName();
            $action = $dispatcher->getActionName();

            //Obtain the ACL list
            $acl = $this->getAcl();

            //Check if the Role have access to the controller (resource)
            $allowed = $acl->isAllowed($role, $controller, $action);

            if ($allowed != Phalcon\Acl::ALLOW) {
                $this->flashSession->error("У вас нет прав доступа к этой странице");
                return $this->response->redirect('session'); ////////////////////////// <- REDIRECT NOT WORKING

            $this->view->setVar('user', $user);

until recently, worked all fine.

today stopped working this redirect: return $this->response->redirect('session')

all the others work... as, so, I don't understand


thus, no redirect, it loads the admin panel. the script tries to find the session 'user', which is not, and throws an error.

use native PHP header. infact there is no difference between them :)

header("Location: /session");

I've used it in my ACL plugin without any problem.

you can watch my ACL plugin


header("Location: /session"); it's work!

but, 'return $this->response->redirect('session');' what are theoretical reasons not to run this command


and before that worked. now I will not track, which could stop working this redirect.

I can't explain why it suddenly broke, but I always make sure I call


before redirecting.

As for reasons not to call the Phalcon code? Well like @tartanpro said, the Phalcon code is just a shortcut for the native code, so you might as well just call the native code.

Also, strictly speaking - the "Location" header is supposed to have a fully qualified URL, not just a relative or absolute URL.

    if ($allowed != Phalcon\Acl::ALLOW) {
        $this->flashSession->error("У вас нет прав доступа к этой странице");

        // Отключаем все представления

        // Возвращаем редикрект. Если не указать return - продолжится текущий контроллер, а так - прерывание и редирект
        return $this->response->redirect('session');


this PHP code not working.

I always disables the output if it is not required.

... but then loaded controller, which is forbidden for this role

I dont think there is a need to use return keyword since any redirect will break the execution and redirect as specified.


$this->response->redirect('session'); without return keyword.