views:

171

answers:

4

Hello,

When a user tries to access our website via a link (for instance going to www.website.com/privatepage) they are redirected to a login page. Once they login, we want to redirect them to that intended URL - how do you do this?

Also we have a use case where a user logs in from the homepage, or goes directly to the login page with no intended URL - in this case we'd like to redirect them to a default page.

Can anyone help me figure this out?

Technology: Codeigniter, jQuery

Thanks, Walker

+3  A: 

How are they redirected to the login page? Whichever method with which you do that, you can append a GET variable on the end of the login page URL, and then reference that variable on the login page.

So, user wants to access www.example.com/privatepage, but you need them to login at www.example.com/login first. Redirect them to www.example.com/login?targetpage=/privatepage, then in the code for your login page, you can access the targetpage variable.

palswim
+2  A: 

I usually store the page in a PHP session before I redirect to the login page. After logging in, see if the session value is set, if it is then redirect back to that page.

Rocket
+2  A: 

It might be a good idea to have a whitelist of accepted urls when redirecting in this fashion - otherwise, an attacker could send someone a link like example.com/login?attacker.com/fake_examplecom and the user will be redirected to the attacker's site while thinking they have just logged in to your site. The original url pointed to your site, so it looks trustworthy. There's a lot of nasty things that can be done with this, as you can imagine.

Swordgleam
+4  A: 

in your login page:

if you go to www.example.com/private_page

using CodeIgniter (on private page)

// if user is not logged in...
$_SESSION['redirect'] = $this->uri->segment(1);
redirect('login');

on login page

// successfully logged in..
if (isset($_SESSION['redirect'])) {
    redirect($_SESSION['redirect']);
} else {
    // redirect to default page
}
tpae