How to properly implement conditional redirects?

What’s the right way to set up redirects for different cases on the same page? For example, if current user is logged out then redirect to page A and if current user is logged in but their role lacks permission to access the page then instead redirect to page B.

The handy Page access protection issue article from @flusk helpfully spells out the requirements for an event to properly trigger a 302 direct. I extrapolated that guidance to create 2 separate events on a page, but only one works.

  • The Current User is logged out event works fine (i.e., 302 redirect).
  • However, the Page is loaded event with a condition that references the current user’s role’s permission receives a status of 200 before the workflow’s action then redirects. The condition references only database values–no elements or anything on the page.

Privacy rules

Privacy rules certainly preclude loading data that a user doesn’t have permission to access. How can privacy rules be used to ensure a 302 redirect occurs before a page is even loaded?

Does user have access to role?

Yes, definitely.

Through further troubleshooting, I observed that if the Go to page action’s Data to send property is populated, that results in a 200 redirect, but leaving that property blank results in the desired 302 redirect.

Now, I need to figure out a workaround for the reason that I had that property populated for logged-in users…

1 Like

I have the same problem as you, I wanted to redirect my connected users to their dashboard.

I got around the problem by redirecting the current user to my Login page, which doesn’t require a data user. This page then redirects logged-in users to their Dashboard :upside_down_face:

1 Like

Good suggestion. I also made a dedicated page to serve as a waystation for redirects that need to ultimately land the user on a page that requires data to be sent. I even implemented an option set to drive custom messaging via URL parameters on the new page in case it lingers due to network lag or the user simply interrupts the redirect away from there to the final destination. As @vnihoul77 explained in another thread, using static values in Data to send and URL parameters doesn’t shift the redirect to client-side, but keeps it server-side as a 302.

Considered using instead the standard 404 page for this purpose; only reason I didn’t is that that page’s URL must be …/404, which seems messy for errors that are not “404 not found” but rather, for example, “403 forbidden”.

Indeed I can confirm everything mentioned @davidb. Thanks for the detailed answer, as it will definitely serve other people!

We have this article that covers the subject.

Here’s another detail I identified in the course of working through this.

This applies to the scenario of redirecting a user away from a page that is assigned a Type of content when they do not have access to the page’s specific thing or they have somehow navigated to the page without any thing–i.e., without its slug (e.g., .../product but not .../product/id1 or .../product/id2).

  • Including in the “Page is loaded” event’s condition an expression segment like This Page's Product's Company is not Current User's Company does not necessitate loading the page. When the condition is true, the result is a 302 redirect. However, this only applies if the page is actually assigned a thing–i.e., it has a slug. Without any additional conditions, a page without a slug will load, resulting in a 200 status code.
  • Referencing This Page's Thing is empty apparently also necessitates loading the page, again resulting in a 200 status code. Nonetheless, an alternate approach does work, resulting in a 302 redirect: Use Get data from page URL:count is 1, setting the Get data... operation to use Path segments as list. That operation returns a list starting with the page name, followed by the page’s slug if there is one or by nothing else if there’s not.
3 Likes