Title: Login redirect issues Last modified: April 28, 2018 --- # Login redirect issues * Resolved [willburholt](https://wordpress.org/support/users/willburholt/) * (@willburholt) * [8 years, 1 month ago](https://wordpress.org/support/topic/login-redirect-issues-2/) * The plugin doesn’t allow for the change of the “Login redirect URL” functionality. * Whenever I set it to a custom URL and click the ‘save changes’ button, it puts in the original url of my website’s home page. Viewing 5 replies - 1 through 5 (of 5 total) * [Josh C](https://wordpress.org/support/users/auth0josh/) * (@auth0josh) * [8 years, 1 month ago](https://wordpress.org/support/topic/login-redirect-issues-2/#post-10233785) * Hi again [@willburholt](https://wordpress.org/support/users/willburholt/), * Are you trying to set that somewhere outside of your site? If so, that’s not something we support for security reasons. You should see a “The ‘Login redirect URL’ cannot point to a foreign page.” error message when you try to do that. * Thread Starter [willburholt](https://wordpress.org/support/users/willburholt/) * (@willburholt) * [8 years, 1 month ago](https://wordpress.org/support/topic/login-redirect-issues-2/#post-10240837) * No error message has been shown. It seems like the plugin’s messaging system has lots of issues in general for displaying errors. * And yes, I have been trying to point it somewhere outside of my main site because I do use a multisite with sub domains. You should allow the plugin user to make the choice on setting to an outside URL but with the notification that you consider it to be ‘insecure.’ - This reply was modified 8 years, 1 month ago by [willburholt](https://wordpress.org/support/users/willburholt/). - This reply was modified 8 years, 1 month ago by [willburholt](https://wordpress.org/support/users/willburholt/). * [Josh C](https://wordpress.org/support/users/auth0josh/) * (@auth0josh) * [8 years, 1 month ago](https://wordpress.org/support/topic/login-redirect-issues-2/#post-10240907) * > plugin’s messaging system * There isn’t really a general “messaging system” in place. Every pathway and action has it’s own set of actions someone can take and responses the software can give. In this case, the error should inform you of this case. When I try to save a URL with a different host, I get this: * [https://www.dropbox.com/s/186kzm84ry2i2wn/Screenshot%202018-05-02%2014.31.01.png?dl=0](https://www.dropbox.com/s/186kzm84ry2i2wn/Screenshot%202018-05-02%2014.31.01.png?dl=0) * I’ll confer internally about how secure/insecure this is and whether we want to allow that. In general, we want to default towards “more secure” instead of“ more flexible” but there is a lot of gray area there. * Thread Starter [willburholt](https://wordpress.org/support/users/willburholt/) * (@willburholt) * [8 years, 1 month ago](https://wordpress.org/support/topic/login-redirect-issues-2/#post-10248630) * I have been referring to the many bugs that these notices have had in the past‘ in general’ and not pointing to how it functions. And to which most of these bugs have seemed to have been fixed recently (including the login redirect notice). * And since Auth0 seems to be inclined to having ‘state-of-the-art’ security, I’ll seem to have to implement this custom feature on my own. - This reply was modified 8 years, 1 month ago by [willburholt](https://wordpress.org/support/users/willburholt/). * [Josh C](https://wordpress.org/support/users/auth0josh/) * (@auth0josh) * [8 years, 1 month ago](https://wordpress.org/support/topic/login-redirect-issues-2/#post-10255112) * I guess the question then is … if you try and save that, are you seeing the message there or not? If you’re not seeing that then I’ll definitely take a look. * We’re less concerned with “state-of-the-art,” more so with just getting it right. The issue here might seem small but redirects after authentication need to be very trustworthy. If I log into a site through, say, Google and I land on a page, I’m going to assume I’m in the right place and not be skeptical. That could be a problem if that link is intercepted or altered in-flight. * All that said, at the very least, we should allow redirects within the same network, that, to me, doesn’t compromise anything. I added this as an issue and will address for the next release after the upcoming one: * [https://github.com/auth0/wp-auth0/issues/459](https://github.com/auth0/wp-auth0/issues/459) Viewing 5 replies - 1 through 5 (of 5 total) The topic ‘Login redirect issues’ is closed to new replies. * ![](https://ps.w.org/auth0/assets/icon-256x256.png?rev=3351758) * [Login by Auth0](https://wordpress.org/plugins/auth0/) * [Frequently Asked Questions](https://wordpress.org/plugins/auth0/#faq) * [Support Threads](https://wordpress.org/support/plugin/auth0/) * [Active Topics](https://wordpress.org/support/plugin/auth0/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/auth0/unresolved/) * [Reviews](https://wordpress.org/support/plugin/auth0/reviews/) * 5 replies * 2 participants * Last reply from: [Josh C](https://wordpress.org/support/users/auth0josh/) * Last activity: [8 years, 1 month ago](https://wordpress.org/support/topic/login-redirect-issues-2/#post-10255112) * Status: resolved