1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Fixed Failed redirection after Facebook Login

Discussion in 'Resolved Bug Reports' started by xfrocks, Mar 27, 2014.

  1. xfrocks

    xfrocks Well-Known Member

    Steps:
    1. Go to read some thread
    2. Click Facebook Login button on login bar
    3. Login with Facebook, allow/approve all permissions
    4. Associate account as needed
    Expected: Go back to thread in step #1
    Actual result: Went to index page
    XenForo version: 1.3.0

    Problem was with this snippet of code

    PHP:
    class XenForo_ControllerPublic_Register extends XenForo_ControllerPublic_Abstract
    {
    ...
        public function 
    actionFacebook()
        {
    ...
            if (
    $fbAssoc && $userModel->getUserById($fbAssoc['user_id']))
            {
    ...
                
    XenForo_Application::getSession()->changeUserId($fbAssoc['user_id']);
                
    XenForo_Visitor::setup($fbAssoc['user_id']);

                
    $this->_getUserModel()->setUserRememberCookie($fbAssoc['user_id']);

                
    $redirect XenForo_Application::getSession()->get('loginRedirect');
                
    XenForo_Application::getSession()->remove('loginRedirect');
                if (!
    $redirect)
                {
                    
    $redirect $this->getDynamicRedirect(falsefalse);
                }
    ...
            }
    ...
    }
    ...
    }
    The entire session data is cleared in XenForo_Session::changeUserId therefore the stored loginRedirect is gone before the call to retrieve it. In XenForo_ControllerPublic_Register:actionTwitter, the redirect target is retrieve before calling changeUserId, I believe we should do the same in XenForo_ControllerPublic_Register:actionFacebook to redirect user to the right page.
     
    caoanh204 likes this.
  2. Mike

    Mike XenForo Developer Staff Member

    Fixed now thanks. I think this was specific to the case of already associating your account -- other places seem to read the session values before changing the user.
     
    xfrocks likes this.

Share This Page