Impersonation and Server side routes

I have a few Iron Router server side routes that render PDF files when ran. There are lots of times when admins will want to impersonate users and render a PDF file on the user’s behalf.

I read this article and manually implemented impersonation.

The only problem I’ve come across is when an admin impersonates a user, and renders a PDF file from a Iron Router server side route, the only way I can find for the admin to back out of that rendered PDF file is to click the back button on the Browser.

By simply hitting refresh or manually changing the URL impersonating will stop.

When the back button on the Browser is clicked, it’s considered a hard URL change I think and the admin gets kicked out of impersonation for the user.

Is there any way to hook onto the Browser back button click event and check if I’m in impersonation mode, and somehow intercede by reenabling impersonation? Or any other ideas on how to keep my admins from getting kicked out of impersonation mode?

I guess what I’m looking for is persistent impersonation across manually changing URLs or Iron Router server side routes.

As an aside,

I set impersonation mode on the client like:


And on the server:


Right now I allow the admins to get out of impersonation mode with a button on the header bar and the following code:


And an Iron Router server side route looks like this:

Router.route('/pdf-files/:_id?', function(req, res) {
  ... snipped code ...

}, {name: 'pdf-file-now', where: 'server'});

I think it should be as simple as not going on that pdf route, instead of that open it in new tab or download file ?


I don’t think I’d want to automatically download the PDF file, but opening in a new tab is an interesting idea.

Opening in a new window did the trick!