Magento: Rewritten controller can not redirect to Login page after Session time out


We have purchased the Embedded ERP Extension for Magento. We have customized it, and have also rewritten a few controllers. Here is a snippet from my config.xml file:

<admin>
    <routers>
        <mdn_extended>
            <!-- should be set to "admin" when overloading admin stuff (?) -->
            <use>admin</use>
            <args>
                <module>MDN_Extended</module>
                <!-- This is used when "catching" the rewrite above -->
                <frontName>mdn_extended</frontName>
            </args>
        </mdn_extended>
    </routers>
</admin>

<global>
    <rewrite>
        <mdn_extended_advancedstock_warehouse>
            <from><![CDATA[#^/AdvancedStock/Warehouse/#]]></from>
            <to>/mdn_extended/AdvancedStock_Warehouse/</to> <!-- THIS IS AJAX CASE -->
        </mdn_extended_advancedstock_warehouse>

        <mdn_extended_advancedstock_stockmovement>
            <from><![CDATA[#^/AdvancedStock/StockMovement/#]]></from>
            <to>/mdn_extended/AdvancedStock_StockMovement/</to> <!-- this is page REFRESH CASE -->
        </mdn_extended_advancedstock_stockmovement>
    </rewrite>
</global>

Now we have an interesting issue here. In the first rewrite case, if you perform any action like sorting / filtering on the grid, it sends an AJAX call. In the normal case, if the session is gone, the server returns a denied JSON in the following format:

{"ajaxExpired":1,"ajaxRedirect":"http:\/\/upgrade.magento.com\/index.php\/admin\/index\/login\/key\/90d3e0a32ecc2cb8e4183ecde51a0d54\/"}

But in the first case, the denied JSON comes in the following format; the URL is changed:

{"ajaxExpired":1,"ajaxRedirect":"http:\/\/upgrade.magento.com\/index.php\/AdvancedStock\/index\/login\/key\/2e96b02d545ee3fddaea963ae6ec5d35\/"}

Due to this, the user goes to a 404 page.

Now consider the second rewrite rule.

In this case, if the session has timed out and you perform any action on the grid, it refreshes the page, but instead of going to the login page it reports a fatal error (trying to get username). After hours of debugging we found that it's an issue of layout handles.

In the normal case, if the route name is module/controller/action, Magento loads the layout handle <module_controller_action> from the XML file and also loads <admin_index_login>. Because of that, <admin_index_login> is finally rendered. In the case of the second rewrite, Magento is not loading the <admin_index_login> handle, therefore it shows the fatal error.

I'd appreciate any hint or help in this direction. If you guys need any other info, I'll be happy to provide it. Thank you so much!


There are 1 best solutions below


Kind of a late answer, but we've also had this problem on another module overriding the sales_order action. We basically solved it by overriding the construct of our custom controllers like this:

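protected function _construct() {
    // Start the core session under the "adminhtml" session name.
    Mage::getSingleton('core/session', array('name'=>'adminhtml'));
    if (!Mage::getSingleton('admin/session')->isLoggedIn()) {
        // No logged-in admin user: go to the adminhtml login action
        // and skip the parent constructor.
        $this->_forward('adminhtml/index/login');
        return;
    } else {
        parent::_construct();
    }
}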

While this solves the issue at hand, the core problem seems to be with the class Mage_Adminhtml_Controller_Action, where the denied action calls $this->_redirect('*/index/login'); which basically redirects, in your case, to mdn_extended/index/login. This may actually lead to some security risks, so I suggest you always override the controller like this, or change the core class to redirect to adminhtml/index/login.
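A regression check for the symptom in the question and the redirect target discussed in the answer, as an added example that is not part of the original posts: it parses a session-expired AJAX body and reports when `ajaxRedirect` does not point at the admin login route. The function name `login_redirect_problem` is hypothetical, and the admin front name `admin` is an assumption taken from the working response quoted in the question.

```python
import json
from urllib.parse import urlsplit

# Assumption: the admin front name is "admin", as in the working
# response quoted in the question.
ADMIN_FRONT_NAME = "admin"


def login_redirect_problem(body, front_name=ADMIN_FRONT_NAME):
    """Return None if the session-expired AJAX body redirects to
    <front_name>/index/login, otherwise a short description of the problem."""
    try:
        data = json.loads(body)
    except ValueError:
        return "response is not JSON"
    if not isinstance(data, dict) or data.get("ajaxExpired") != 1:
        return "not a session-expired response"
    target = data.get("ajaxRedirect")
    if not isinstance(target, str):
        return "ajaxRedirect missing"
    segments = [s for s in urlsplit(target).path.split("/") if s]
    # Drop the script name when URLs are not rewritten (index.php/...).
    if segments and segments[0] == "index.php":
        segments = segments[1:]
    if segments[:3] != [front_name, "index", "login"]:
        return "redirect targets %s, expected %s/index/login" % (
            "/".join(segments[:3]) or "(empty path)", front_name)
    return None


# The two responses quoted in the question.
NORMAL = r'{"ajaxExpired":1,"ajaxRedirect":"http:\/\/upgrade.magento.com\/index.php\/admin\/index\/login\/key\/90d3e0a32ecc2cb8e4183ecde51a0d54\/"}'
REWRITTEN = r'{"ajaxExpired":1,"ajaxRedirect":"http:\/\/upgrade.magento.com\/index.php\/AdvancedStock\/index\/login\/key\/2e96b02d545ee3fddaea963ae6ec5d35\/"}'

if __name__ == "__main__":
    for name, body in (("normal", NORMAL), ("rewritten", REWRITTEN)):
        print(name, "->", login_redirect_problem(body) or "ok")
```

Running the same check against the grid AJAX endpoint of each rewritten controller with an expired session shows whether a given fix restored the admin login target.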