views:

39

answers:

1

Hi,

I have a loosely coupled web app (one part uses PHP, the other uses WGSI). The WSGI/python framework shares the authentication with the PHP app, meaning that generally, the user should

  1. Log in via the PHP interface
  2. Now the user can access any of the WSGI pages [this part works if the user has logged in]

What I want to do though, is if a user tries to access a WSGI page while not logged in (maybe from a previous bookmark), I would like to redirect him to the login page, and after logging in redirect him back to the orignal URL.

I'm not very experienced with server-side programming, so here are my questions.

  1. How should I redirect the user back to the PHP login page? What should the HTTP status code be? Do I need to set any extra header information?

  2. What is a good way/best practice method to pass the original URL to the login page, and then after logging have it redirect the user back.

Thank you!

+1  A: 

If the user isn't logged in, you could set the status code to 401 Unauthorized and redirect with location: /login.php?dest=/admin/only.php.

This would look like:

header("HTTP/1.0 404 Not Found");
header("Location: /login.php?dest=" . $_SERVER['PHP_SELF']);

in php.

Jud Stephenson
Should read 'Location: ...', case does matter.
jholster
Fixed, good catch.
Jud Stephenson
@Yaggo: Case doesn't matter.
Eli Grey
@Eli, you are right, sorry for misinformation. From RFC 2616: "Each header field consists of a name followed by a colon (":") and the field value. Field names are case-insensitive."
jholster