Hello everyone,

I am trying to achieve a functionality that is able to redirect a user to the URL/address to which he was trying to have access before logging in.

For example:

  1. A user is trying to access a registered members only area.
  2. He is given the message that he is not logged in and redirected to the index page.

How do I redirect the user to the 'Step 1' URL when he logs in successfully?

I hope I am able to explain what I am trying to do.

Thanks (in advance) for any help and suggestions :-)

+6  A: 

Store the request URL in a hidden field in the login form and, once logged in, redirect to that URL.

Sabeen Malik
You could also try using a session variable
Irfy
+3  A: 

Store it in the session (or maybe even a cookie) before redirecting to the login page.

Nicky De Maeyer
+1  A: 

You can use something I really love: HTTP authentication. That way you don't have a redirect to a special Login page in between and deep links work as they should. Trac gets this right, imho.

The other option is that you store the URL in the session you likely are creating. If you don't destroy the session on login then you can use that to redirect to the deep link after login.

Joey
HTTP auth is not very secure, however.
warren
warren: What is lacking? If you want security (i.e. privacy from eavesdroppers and knowledge that the other party really is who you expect it to be) then you use SSL. Same for every other thing you throw through HTTP.
Joey
+2  A: 

Storing in the session is much better. It allows the user to follow a link (for example a registration link) and to still be redirected to the original page after logging in.

Damien MATHIEU
+2  A: 

I've seen forums put it into the URL, something like www.myurl.com?prevUrl=<prevUrl>. Of course the URL stored has to be encoded with encodeURI.

JohnathanKong
+6  A: 

You could pass that URL in the URL itself:

```php
if (!$loggedIn) {
    header('Location: http://example.com/login?return='.urlencode($_SERVER['REQUEST_URI']));
    exit;
}
```

And after the successful login:

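```php
if ($loginSuccessful) {
    // Only accept a site-relative path (must start with "/"); the fixed
    // host prefix below keeps the redirect on example.com.
    if (isset($_GET['return']) && substr($_GET['return'], 0, 1) == '/') {
        header('Location: http://example.com'.$_GET['return']);
    } else {
        // Missing or unexpected value: fall back to the home page.
        header('Location: http://example.com/');
    }
    exit;
}
```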
Gumbo
Thank you sir. :-)
Gaurav Sharma
Note that I made a rough validation on the `return` value.
Gumbo
I do something like this except I store it to a session instead of in the URL
jasondavis
+3  A: 

In the past I have redirected back to the authentication page with the "final destination" page having a redirect URL: http://example.com/login?redirect=/secured/resource.

Remember to URL encode the parameter value. Also, when you are processing the value of the redirect URL, make sure that it is a URL on your site or a relative URL to avoid any security attacks like a phishing scheme. Otherwise, a third party can target your site's login page and then redirect back to their site and might have access to the user's secured session.

The reason I don't use the session to store the URL is that search engine spiders can end up creating sessions as they hit links on your site that are secured and require login. Since they have no credentials, the session is created just to time out 30 minutes later.

Kevin Hakanson
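
The `return` check from Gumbo's answer combined with the "URL on your site or a relative URL" advice above, as an added example that is not part of any answer on this page. `safe_return_path()` is a hypothetical helper name, and the sample values are constructed; it goes slightly beyond the leading-slash test by also rejecting protocol-relative values, backslashes and control characters.

```php
<?php
// Added example; safe_return_path() is a hypothetical helper name.

/**
 * Return $candidate only if it is a same-site path, otherwise $default.
 */
function safe_return_path($candidate, $default = '/')
{
    if (!is_string($candidate) || $candidate === '') {
        return $default;
    }
    // Control characters (CR/LF included) and backslashes never belong in
    // a redirect path; some browsers treat "\" like "/".
    if (preg_match('/[\x00-\x1F\x7F\\\\]/', $candidate)) {
        return $default;
    }
    // Must start with exactly one slash: "//host/..." is protocol-relative
    // and would leave the site if it were ever sent without the host prefix.
    if ($candidate[0] !== '/' || substr($candidate, 0, 2) === '//') {
        return $default;
    }
    return $candidate;
}

// Constructed sample values for the "return" query parameter.
$samples = [
    '/members/profile?id=7',        // legitimate deep link
    'https://other.example/',       // absolute URL to another host
    '//other.example/login',        // protocol-relative URL
    '/\\other.example',             // backslash variant
    "/members\r\nX-Injected: 1",    // CR/LF inside the value
    null,                           // parameter absent
];

foreach ($samples as $value) {
    printf("%-34s => %s\n",
        json_encode($value, JSON_UNESCAPED_SLASHES),
        safe_return_path($value));
}

// In the login handler, after a successful login (host as in the answers above):
// header('Location: http://example.com' . safe_return_path($_GET['return'] ?? null));
// exit;
```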