Gaurav Sharma

Reputation: 2848

technique for remembering url

I am trying to achieve a functionality that is able to redirect a user to the URL/address to which he was trying to have access before logging in.

For example:

  1. A user is trying to access a registered members only area.
  2. He is given the message that he is not logged in and redirected to the index page.

How do I redirect the user to the 'Step 1' URL when he logs in successfully?

I hope I am able to explain what I am trying to do.

Thanks (in advance) for any help and suggestions :-)

Upvotes: 1

Views: 274

Answers (7)

Kevin Hakanson

Reputation: 42220

In the past I have redirected back to the authentication page with the "final destination" page having a redirect URL: http://example.com/login?redirect=/secured/resource.

Remember to URL encode the parameter value. Also, when you are processing the value of the redirect URL, make sure that it is a URL on your site or a relative URL to avoid any security attacks like a phishing scheme. Otherwise, a third party can target your site's login page and then redirect back to their site and might have access to the user's secured session.

The reason I don't use the session to store the URL is that search engine spiders can end up creating sessions as they hit links on your site that are secured and require login. Since they have no credentials, the session is created just to time out 30 minutes later.

Upvotes: 3

JohnathanKong

Reputation: 1307

I've seen forums put it into the URL, something like www.myurl.com?prevUrl=<prevUrl>. Of course the URL stored has to be encoded with encodeURI.

Upvotes: 2

Gumbo

Reputation: 655519

You could pass that URL in the URL itself:

```php
if (!$loggedIn) {
    // Carry the requested path to the login page, URL-encoded.
    header('Location: http://example.com/login?return='.urlencode($_SERVER['REQUEST_URI']));
    exit;
}
```

And after the successful login:

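```php
if ($loginSucessful) {
    // Accept only a value that starts with "/" and append it to the fixed origin.
    if (isset($_GET['return']) && substr($_GET['return'], 0, 1) == '/') {
        header('Location: http://example.com'.$_GET['return']);
    } else {
        // Missing or unexpected value: fall back to the home page.
        header('Location: http://example.com/');
    }
    exit;
}
```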

Upvotes: 6
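
The check Kevin Hakanson describes (accept only a URL on your own site), written out as an added example that is not part of any answer on this page. It assumes PHP 8; `safe_return_path` is a hypothetical helper name and the sample inputs are constructed.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not from the answers): returns a same-site path, or $default.
function safe_return_path(mixed $candidate, string $default = '/'): string
{
    // "?return[]=x" arrives as an array; only a non-empty, bounded string is accepted.
    if (!is_string($candidate) || $candidate === '' || strlen($candidate) > 2048) {
        return $default;
    }
    // Control characters (CR/LF included) and backslashes are rejected;
    // some browsers treat "\" like "/", so "/\host" could leave the site.
    // "!== 0" also falls back to the default if the regex engine reports an error.
    if (preg_match('/[\x00-\x1F\x7F\\\\]/', $candidate) !== 0) {
        return $default;
    }
    // Exactly one leading slash: "//host/path" is a scheme-relative URL.
    if ($candidate[0] !== '/' || str_starts_with($candidate, '//')) {
        return $default;
    }
    // Defence in depth: the URL parser must see neither a scheme nor a host.
    $parts = parse_url($candidate);
    if ($parts === false || isset($parts['scheme']) || isset($parts['host'])) {
        return $default;
    }
    return $candidate;
}

// Constructed sample values for the "return" parameter.
$samples = [
    '/secured/resource?id=5',
    'http://other.example/login',
    '//other.example/login',
    '/\\other.example/login',
    "/secured\r\nX-Injected: 1",
    ['/secured'],
];
foreach ($samples as $value) {
    printf("%-34s => %s\n", json_encode($value), safe_return_path($value));
}

// After a successful login, the origin stays a fixed string:
// header('Location: http://example.com' . safe_return_path($_GET['return'] ?? null));
```

The same function applies when the value comes from a hidden form field or a cookie, since both are as client-controlled as the query string.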

Damien MATHIEU

Reputation: 32627

Storing in the session is much better. It allows the user to follow a link (for example a registration link) and to still be redirected to the original page after logging in.

Upvotes: 2

Joey

Reputation: 354734

You can use something I really love: HTTP authentication. That way you don't have a redirect to a special Login page in between and deep links work as they should. Trac gets this right, imho.

The other option is that you store the URL in the session you likely are creating. If you don't destroy the session on login then you can use that to redirect to the deep link after login.

Upvotes: 1

NDM

Reputation: 6840

Store it in the session (or maybe even a cookie) before redirecting to the login page.

Upvotes: 3

Sabeen Malik

Reputation: 10880

Store the request URL in a hidden field in the login form and, once logged in, redirect to that URL.

Upvotes: 6
