We want to have a page that displays different content based on whether a user is logged in. If they are logged in, they should be able see their private content. If they are not logged in, there should simply be just a link to a login page. Once they log in, they can navigate back to the original page.
The problem is that when they re-visit the original page after logging in, it's essentially like the page is cached as it still displays the content as if the user is not logged in. However if you refresh the page, it then loads the right content.
$current_user = wp_get_current_user();
if(!user_can($current_user, "custom_user_role")){ ?>
<p>You are not permitted to view this page. Please log in or sign up.</p><?php
}else{ ?>
<p>You are logged in</p><?php
}
I have tested with a new, blank WordPress/WooCommerce install, and the same issues occured.
We aren't using any caching plugins (as this is still very much in development).
I have had the same result in Chrome and Firefox, across various machines.
The closest I have come to an answer was by testing within Chrome, utilising the "Disable cache" option, and had the expected outcome, i.e; the content loaded correctly without needing the refresh.
Is there a simple answer to this?
If not... is there a way to force a local cache refresh when a user logs in?
Related
I have a page with different behavior for users/non-users. If I'm logged in to the admin account to make changes or something, I can see the version of the page for a logged in user, but is there a way to see what the page would look like as if I were not logged in (or as if I were a different user) without having to actually log out or switch accounts?
Users get stuck in a login/out loop experience - ONLY on the /login screen.
I have a membership plugin activated (Restrict Content Pro) that utilizes a login shortcode which I'm using on a /login page. I have a global login/out link, utilizing wp_logout_url(); for logging out.
Behavior works as expected everywhere on the site except the login page. If I logout then return to the login page, I'm shown content as if I were logged in. If I attempt to logout from this page I'm thrown to the "You are attempting to log out of 'x'. Are you sure you want to do this?" error page.
The cookie 'wordpress_logged_in_' is also present only on this page. So, I'm under the impression this is why the site is displaying the 'logged-in content'. My question is - why would this specific cookie only be saved on this specific page? Can I completely destroy it on a log out?
Thanks in advance.
This issue seems to be persistent till date. Are there any updates on solutions for this? Seems to me that WP is not destroying all the cookies relevant to login. After investigating a little I found that the login cookie was set for a particular path(in my case it was /my-account). Maybe WP is missing this cookie as this is not set to /.
I have a weird scenario. I have forms authentication working properly. My protected pages are in a folder and if I navigate to them I get redirected to the login page with a return URL in the querystring. So far so good. BUT I have one page that is a search results page. The requirement is that the page hide some of it's data if the user is not logged in, but the rest of the page is viewable as normal.
I did some trickery to hide panels with the authenticated only data, works fine. The issue I have is that if the user goes through the search process (which is multi-step) and after seeing the results wants to log in, they would have to click a login link at the top of the page. This will load the login page WITHOUT a return url. After all, the user clicked a link to a new page (the login page). After submitting the login info, the referrer is now wrong (it would be the current login page).
So without messing up the FormsAuthentication system that works so well for protected folders, how can I return a user to the last place they were after they choose to login on their own (from a non-protected page). I realize that this is not a flaw in FormsAuthentication and the solution might not have anything to do with that at all, just wanted some options. Any suggestions?
You can use this
Request.UrlReferrer.ToString();
It will give you the previous page url.
Edit 1
Here is a similar question on SO
Finding previous page Url
Edit 2
public Page PreviousPage { get; }
Here is msdn link
http://msdn.microsoft.com/en-us/library/system.web.ui.page.previouspage.aspx?cs-save-lang=1&cs-lang=csharp#code-snippet-1
I have a CakePHP website with its own login system. In the same server (but different folder), I have a Wordpress blog. A user that is already logged in the CakePHP website can click a link that takes him to the WP blog and logs him into the blog at the same time. All this works perfectly.
The problem comes when going back to the original CakePHP website. If I place a link in the blog pinting to the website and the user clicks it, he is taken to the website, but his session there is lost, meaning that he has to log in again.
Is there any way to prevent that from happening? Shouldn't the session be still valid even if the user leaves the website? It's not that it expires, I have it set to 30 min.
This also happens even if the user doesn't access the blog via the link in the website. If I log into the website, then open a new tab and enter the blog (without even logging in), and click the link to the website, the session in the website is lost. Well, there's a new session actually (I've been printing the session id and it changes).
Any ideas on how to keep the session open would be useful.
Also, just in case, here's the script that I use to log in a user from the website into the blog:
$sid = $_GET['sid'];
session_id($sid);
session_start();
if (isset($_SESSION['Auth']['User']['username'])) {
require('../blog/wp-blog-header.php'); //includes wordpress functions
$username = $_SESSION['Auth']['User']['username'];
$user = get_userdatabylogin($username);
wp_set_current_user($user->ID);
wp_set_auth_cookie( $user->ID );
}
header("Location: http://myblog.com/"); //Redirect user to the blog
Check your Security level. In some cases, it does a check on the 'referer' site. If you are coming from a WP blog, it might have a fit about that. That is what I am assuming is happening since it is generating a new session id.
When i hit back in the browser the user is still logged in. can someone help please?
I'm assuming mean:
"After the user logs out, if they then press back in the browser the page says they are still logged in. How do I stop this?"
If so, what the user is seeing is the browsers cached version of the page - they are not actually still logged in, and if they were to browse elsewhere, then they would see that they are now logged out.
I often get around this by having the LoginStatus control have a LogoutAction of Redirect, and the LogoutPageUrl set to something like the homepage.
That is the correct behaviour for most web applications. Being logged in is a question of state, and does not rely on the page you are viewing.
If you want the back button to log the user out, then it would seem that it is a case of whichever page the previous one was, is where you want logged in users to be automatically logged out. It might be the case that the previous page (accessed through the back option) is the login page, where you would want logged in users to automatically be logged out.
To get a more accurate and more helpful answer, you should specify what behaviour you are expecting, and include details about the authentication system you are using (for example ASP.NET membership).