Following link directly to a page doesn't work if page requires log-in


if a link to a page (requiring login) on a plone site is emailed to a person, and the person clicks on the link. this happens:

goes to site
login comes up
logs in
home page is displayed (not the desired page)

Note: for page not requiring login, the link goes directly to the page.

Thus, the full url to the page is lost during login.

Is this a Plone limitation, or is there a way to fix it?


Normally the came_from parameter is used to tell Plone where to redirect to after login.
So for example:

  1. go to
  2. see the login form and note the came_from part in the url
  3. login using siteadmin / siteadmin
  4. you'll end up at .

Maybe you've customized something in the login forms?

Plone usually handles this correctly.

However, working on making dm.zope.saml2 Plone 5.2 compatible, I hit a bug in Plone where this mechanism was deactivated based on how the url looks like: in short, if the came_from url contained a substring remembering login, then came_from was ignored. I do not know when this bug has been introduced and when is was fixed. Maybe, what you see is related to this bug.

Thanks to both of your for your input. I will pass this to the programmer I'm working with.

I'd like to provide some more information regarding this to see if it is relevant:

  1. i sent a rule on the site with an action of sending out an email. the email contains the variable ${absolute_url}
  2. the email that goes out contains this link to the content "test": .
  3. clicking the link goes the correct page if you are already logged in, if not logged in, goes to the log in page and after login goes the site main page.

please let me know If any of this changes your comments.

thanks again.

The came_from logic is implemented in Products.CMFPlone.browser.login.login.LoginForm.get_came_from. If necessary, debug this method to find out why it fails for your case. Your url does not contain a substring ressembling something related to "login". Thus, you do not set the error, I have seen.

Hi, since the email is being sent via a content rule, would it be the content rule that is the problem or, as you noted, the 'came from..."

I want to have my programmer look into this, and I want to try to give him a head start. any continued help from you is appreciated.

You (or your programmer) look at the generated email and check whether the url there is correct. If so, the content rule is not to blame.

In principle, the "came_from" logic in independent from the way, the url was constructed.: You visit an url which requires authentication; you get redirected to the login form, the original url is remembered in came_from; after a successful login, a redirect to came_from brings you to the original url. Note, that this only works for GET requests (came_from cannot hold the content of a request body). In addition, the "came_from" logic is disabled for some urls (which look like urls involved with the login functionality itself). I have indicated in a previous reply where to look for details.

Thank, I'll pass this along.

i'll update here if i get more info

I am using 5.2 and this works like a champ in: Chrome, Edge, IE.

the only exception is FF. when i click on the link, FF opens and goes to the url and requires login (all makes sense). however, after i enter my login creds and press login, the browser spins for a few seconds as if trying to login, but nothing happens.
In FF settings, I allowed popups for this site (something I didn't have to do for the other browsers) and still nothing.
Any ideas why FF is acting differently?