• Share
    • Twitter
    • LinkedIn
    • Facebook
    • Email
  • Feedback
  • Improve this Doc
Show / Hide Table of Contents

Data Consent Redirect

DNN Version: 09.04.00 • First Appeared in DNN Version: 09.04.00
06/03/2020 • 1 minute to read
Contributors  donker david-poindexter
06/03/2020  • 1 minute to read  • Contributors  donker david-poindexter

When specified the user, upon logging in and having been authenticated but found to be needing to consent to the terms and conditions, is redirected. The idea behind this feature is that 3rd party extensions can embed themselves in the consent flow and offer more fine grained consent options.

Technical Details

A central challenge in extending the data consent flow of DNN is that before data consent a user is not logged in. I.e. after the page redirect the user is not set in DNN and the user will appear to be logged out. To give the 3rd party handler a way to get to the user, a token is passed in the querystring. For this the workflow copies the Password Reset mechanism. The 3rd party extension can use the token (which is valid by default for 60 minutes) to find the user who is trying to log in. It is left to the extension developer to handle this wisely and ensure the extension token doesn't live longer than necessary and the user is logged in at the end of the process.

Back to top by the community, for the community... #DNNCMS