Wrong user page loaded after user_login_finalize()/user_logout()

Anton

8/18/23, 2:34 AM

I have a third party login custom module that calls user_login_finalize() after authentication, and user_logout() upon logout. Both of these functionalities work except if the user logs in/out from the /user path in Drupal, the page loads the version of the /user page that should have rendered prior to login/logout. So when logging in, the page shows the unauthorized warning that was there at first, until the page is reloaded. When logging out, the page shows the user profile information that was there when the user was logged in.

This code runs in an event subscriber for KernelEvents::REQUEST (my organization's authentication works in a way that the status of whether a user is authenticated can change outside my Drupal site at any time and needs to be checked for before content is loaded).

I'm not sure if the problem has to do with the third party login redirecting, or Drupal's cache, but is there something else that needs to be cleared or reset after using these functions? I used them intentionally to avoid writing duplicate code from what's already in Drupal.

0 + 0

caching

authentication-authorization

Jaypan

8/18/23, 2:38 AM

Sounds like a caching issue. Specifically the anonymous page cache. Try disabling that module and see if the problem goes away. If it does, you may need to set up some cache contexts, or even disable caching for that page.

4uk4

8/18/23, 8:02 AM

Where did you put this code? Normally this runs in a controller or submit handler returning a redirect to build the correct page for the newly logged in or out user.

apaderno

8/18/23, 8:38 AM

When users log out, are they still redirected to /user, or is the URL that appears in the browser address bar different but the rendered page is the user profile page? In the first case, it's the redirect that causes that; in the second case, it's a problem with the page cache.

Anton

8/18/23, 2:41 PM

I updated the description to address the comments/questions. In short, this is a custom module and I call the code in an event subscriber for KernelEvents::REQUEST. This is a caching issue of the /user page as far as I can tell. Is there a way to disable the anonymous user cache for just this page/route?

Score:1

Drupal

4uk4

8/18/23, 4:46 PM

This code runs in an event subscriber for KernelEvents::REQUEST (my organization's authentication works in a way that the status of whether a user is authenticated can change outside my Drupal site at any time and needs to be checked for before content is loaded).

If the authentication status has changed then set a redirect response to built the new page after you have created a new session or destroyed the existing session via the user module functions you have mentioned:

$response = new RedirectResponse(Url::fromRoute('<current>')->toString());
$event->setResponse($response);

0 + 0

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Wrong user page loaded after user_login_finalize()/user_logout()

TH: โหลดหน้าผู้ใช้ผิดหลังจาก user_login_finalize()/user_logout()

RO: Pagina utilizator greșită încărcată după user_login_finalize()/user_logout()

RU: Неправильная страница пользователя загружена после user_login_finalize()/user_logout()

VI: Đã tải sai trang người dùng sau khi user_login_finalize()/user_logout()

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.