After login: Redirect to the page before login form

(sorry for my bad english)
Iḿ using Cake 4.0 with Authentication Plugin.
I want the users to get redirected to the page they had visited before visiting to login form.

I made me a working solution with modifiying the headers of the login-request.

login form:


<?= $this->Form->create()?>

    <legend><?= __('Please enter your username and password') ?></legend>
    <?= $this->Form->control('email', ['required' => true]) ?>
    <?= $this->Form->control('password', ['required' => true]) ?>
    <?= $this->Form->hidden('origin', ['value' => $this->request->referer()]) ?>
<?= $this->Form->submit(__('Login')); ?>
<?= $this->Form->end() ?>

<?= $this->Html->link(__("Register as New User"), ['action' => 'register']) ?>
<?= $this->Html->link(__("Password reset"), ['action' => 'recall']) ?>

my users controller (only login method), users controller also uses use Cake\Routing\Router;
and use Cake\Http\Response;

    public function login()
  $this->request->allowMethod(['get', 'post']);
  $result = $this->Authentication->getResult();
  // regardless of POST or GET, redirect if user is logged in
  if ($result->isValid()) {
      //from where did the user come to the login form

      //define where to redirect, if $origin is not valid
      $redirect = $this->request->getQuery('redirect', [
          'controller' => 'Recipes',
          'action' => 'index',

      $origin = Router::url('/',true).$origin;
      $this->response = $this->response->withLocation($origin);
      return $this->redirect($redirect);
  // display error if user submitted and authentication failed
  if ($this->request->is('post') && !$result->isValid()) {
      $this->Flash->error(__('Invalid username or password'));

Iḿ sure there is a better solution in a more CakePHP way, but i did not find it.
Can someone maybe tell me a better way ?


I don’t know for sure, but maybe this is what you are looking for?

This isn’t the answer, I am just clarifying the question. As I understand what you are asking is that a user who is already on your site, has an account, but is not logged in, can use a login and return to the page they were currently viewing?

A perfect example would be these forums themselves. So if you open a private/incognito window and go to After login: Redirect to the page before login form you will see this button: -

Which when clicked does this: -

And after having logged here, here we are back on this thread: -

So obviously it is possible!!

This forum website gives you 2 clues - firstly could have your login dialog as a modal over the top of the existing page, perhaps in an iFrame or just some AJAX in a DIV in the middle of the screen - but not redirecting the whole webpage. Secondly, note that this site is using the full URL path for what page you’re on, which is the typical design for CakePHP as FinlayDaG33k posted using getLoginRedirect().

When inspecting the request, you can clearly see that it also sends a “redirect” value.

Ember (in which the Discourse frontend is written) then takes this and sends you to the same page.
But this is a lot more tricky if your login page is on a different page, in which case you may need something like the getLoginRedirect() or check the referer header.

Your description of my question is right.

I’m a little confused. If you have Authentication setup to redirect automatically to the login form, it should already have the referrer stored in its session, and so no need to set a hidden field.

Check out the example in the Building a Login Action section of the Auth Quickstart page, specifically…

        $target = $this->Authentication->getLoginRedirect() ?? '/home';
        return $this->redirect($target);

hi seagrinch,
thanks for your answer.
For example:
A user is on site “users/view/3”.
Then he hits the “login” button.
On the “login form” he enters the login data.
And then he should be redirectet to “users/view/3”

I tried the example from the “Auth Quicjstart page”, but “$this->Authentication->getLoginRedirect()” is empty and so he redirects to ‘/home’.

Apparently, this is not the thing you want to use D:
I looked at the code for this and it’s not as I expected D:

It takes the queryParam as opposed to getting the referer or something similar.

The earlier discussion was mainly focused on when you get sent to the login page automatically as a result of clicking a link that you don’t have access to. For this, I think you maybe just need to add a redirect parameter to the login link, referencing the current page.

This is what i have done.
I just thought, there is a better solution.

I follow your approach and the hidden input tag has no value at all.

I fixed my issue, simply get the origin from 1st time viewing login page (from GET parameter ?redirect=…) , set to $origin view variable, then in View create hidden input with that $origin.

Then when POSTing the data, get $origin from posted data and set to view again (in case user entered wrong password, user get to see login page again)