One way to do this is to use EE conditionals and EE redirect.
EE provides some useful short conditionals - for example {if logged_in} that let you determine (for example) if the user is logged in or not.
You can combine this with a redirect to send people who are not logged in to another page like this…
{if ! logged_in}
{redirect='group/template'}
{/if}
If you would rather avoid a redirect, you can do something similar that is seamless using layout variables… but due to the way layout variables are instantiated and how layout itself works you need to spread the conditional across two templates to get it to work…
// Template 1
{layout='group/_template_1'}
{layout:set name="redirector" value="group/template"}
{if ! logged_in}
{layout:set name="redirector" value="alt_group/alt_template"}
{/if}
...
// Template group/_template_1
{layout={layout:redirector}}
HTH
That would just be a redirect for logged users and is not actually asking them to confirm their authentication. The idea behind a feature like this, which other frameworks like Symfony or Laravel have, is for security reasons on sensitive settings. In case someone left the browser or the session active and a malicious third party person tries to change something, they can’t as they need to re-enter the password. Expression Engine also has this on the control panel settings that require the admin to re-enter the password to change something.
If you just redirect without actually confirming the login, then it has no purpose in terms of security.
You asked: “What is the best approach to request the user to log in to access a specific template, assuming he is already logged in.”
To do this, the first thing you need to do (based on what you said) is to find out if the user is logged in and if so somehow change the content they see based on this (by redirecting the user to a second template that can confirm that they are logged in…) You asked about the redirection not how you would actually do the reconfirming.
If actually what you want to know is how to do the reconfirming, ultimately you need to getting them to log in again - only question is how.
However you do it, what you need to do therefore is to log them out and get them to log back in again via a form that redirects them on to where ever you want them to go to.
Doing this is not complicated if you are working this through an add-on (something similar is used by JCOGS One-Time-Passwords - a TFA add-on for EE6).
If you are trying to do this via templates only it might be more difficult. I don’t know if there is an EE system variable that will simply log someone out: maybe one route would be to put a logout form into the template and submit it via javascript (you can set the return template in that form to be a suitable login form that when completed redirects to the hidden page).
If you are good at javascript you could do something AJAXy that polls the Action ID for the action Member / member_logout (appears to be 15 on several of my systems) and use that instead (i.e. polling the URL <domain>?ACT=15 in such cases will log the current user out), and then pops up a login form with suitable redirect.
HTH
That’s useful! This kind of feature, which is present in other frameworks like Symfony or Laravel, is intended to protect sensitive settings. If the browser was left open or the session was started, a malevolent third party could attempt to alter the data but would be prevented from doing so by having to reset the password.
Packet Tide owns and develops ExpressionEngine. © Packet Tide, All Rights Reserved.