From 2d72515f0cf1f991ec5e8f30216df79d555ff2fd Mon Sep 17 00:00:00 2001
From: mathis <m.buchet@sudalys.fr>
Date: Fri, 27 Feb 2026 13:53:53 +0100
Subject: [PATCH] Update login handling to allow default redirection and adjust
 security settings

---
 config/packages/security.yaml           | 2 +-
 src/EventSubscriber/LoginSubscriber.php | 5 +++++
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/config/packages/security.yaml b/config/packages/security.yaml
index c0ddc95..0dde28a 100644
--- a/config/packages/security.yaml
+++ b/config/packages/security.yaml
@@ -58,7 +58,7 @@ security:
                 check_path: app_login
                 enable_csrf: true
                 default_target_path: app_index
-                use_referer: true
+                always_use_default_target_path: false
             logout:
                 path: app_logout
                 enable_csrf: false
diff --git a/src/EventSubscriber/LoginSubscriber.php b/src/EventSubscriber/LoginSubscriber.php
index e9009ba..5a3ea29 100644
--- a/src/EventSubscriber/LoginSubscriber.php
+++ b/src/EventSubscriber/LoginSubscriber.php
@@ -89,6 +89,11 @@ class LoginSubscriber implements EventSubscriberInterface
             $response->headers->clearCookie('logout_origin', '/');
             
             $event->setResponse($response);
+        } else {
+            // Pas de cookie logout_origin : laisser Symfony gérer la redirection par défaut
+            $this->logger->info('Normal login - using default target path', [
+                'user' => $user?->getUserIdentifier()
+            ]);
         }
     }
 }