Mr Treublaan 1-3
1097 DP Amsterdam
The Netherlands

Drupal 8 development: always redirect all logged out visitors to the login page

Make sure nobody sees your delicate content
12 Feb, 2018 Drupal

Home Blog Drupal 8 development: alw...

One way sign

Currently we are busy constructing the production of a realtime messaging platform in Drupal and NodeJS, look at it as a ‘WhatsApp for Business’. This Drupal system works like a web app; logging in is mandatory. How do you make sure that logged out visitors must log in to Drupal 8 before they are allowed to continue?

Drupal has many out-of-the-box functionalities, as well as a powerful API, but because it has so many functions many tracks are standardly available for anonymous visitors. We’d want to make all paths unreachable, until you log in.

That means that visitors always will be redirected to the login screen as long as they aren’t logged in. You wouldn’t want an anonymous user reaching internal news on the homepage.

Redirect URL in Drupal 8

  • Basically, we want all url’s / paths be made unavailable for non-logged in visitors, except explicitly specified pages like:
  • Login (/user)
  • Forgot password (/user/password)
  • Login link (user/reset/login)

in Drupal 7 you could use the module Logintoboggan for that purpose. You could also easily work around it in hook_init() or hook_boot() in a custom Drupal 7 module.

Quest

This was quite a puzzle, and we soon found some examples as well as exceptions. Everytime it didn’t work how we wanted it to. This example was the most useful.

Implementation in Drupal 8

Eventually, we got it working with the help of following code in a custom Drupal 8 module:

services.yml

put this file in your module root, and format yourmodulename.services.yml:

RedirectAnonymousSubscriber.php

Put the file RedirectAnonymousSubscriber.php in folder /src/EventSubscriber/ and do your custom thing:

Deze code haakt in op de EventSubscriber van Symfony, het framework waar Drupal 8 op gebouwd is.

Wrap up

Alright, that's it. I hope the information as described will help you to always redirect visitors to the login page. Questions or feedback? Let me know!

We are always looking for optimal use of Drupal contrib modules. But in some cases they do not meet the necessary requirements, wishes, stability and / or security. In that case, we develop the custom code; possibly with the help of snippets from other modules.

When we have to develop custom work, we always try to make it generic, so that a contrib module can be produced and released on Drupal.org. We always do this in consultation with the client.

One such example is the newly released "Conditional Redirect" module: a number of modules came close, but just fell short.

Protect Drupal completely through login It concerns the following functionality: suppose you produce a system in Drupal that is intended for internal use such as a social intranet or project management app.

This system must be available worldwide, but only accessible after people have logged in. In this case you would like all visitors who are not logged in to be linked to the login page.

As an extra wish: certain pages must be publicly available and therefore set as an exception.

The above has been realized in the released module: after installation, all logged out (anonymous) visitors will be redirected to the login page. Exceptions can also be configured here:

Conditional redirect configuration
  • Content types;
  • Specific pages;
  • Specific menu links.

Download de module here

Wrap up

Alright, that's it. Questions or comments aout this module? Let me know, or shoot an issue on the project page on Drupal.org

Photo by Dmitri Popov on Unsplash

Written by Joris Snoek | Feb 12, 2018
Let's Talk

Please tell me all about your project!
Mail , or send a message:

Got some more time?

Related content
09 May, 2023 Drupal

Save time, frustration, and potential content loss.


07 Jun, 2021 Drupal

Programmatically in multiple Views


02 Jun, 2021 Drupal